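#!/bin/bash

#######################################################
# TurboTrades Server Setup Script
# Automated setup for production server 178.63.127.19
#######################################################

# -e: stop at the first unhandled failing command.
# pipefail: a pipeline fails when any stage fails, so a failed download that
# feeds `bash` or `gpg` is not hidden by the last stage exiting 0.
# nounset (-u) is deliberately left off: several functions test $SUDO_USER,
# which is unset when the script is started from a root login instead of sudo.
set -eo pipefail

# Colors for output (stored as backslash escapes, rendered by the print_* helpers)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Configuration
SERVER_IP="178.63.127.19"
DEPLOY_PATH="/var/www/turbotrades"
APP_NAME="turbotrades"
NODE_VERSION="20"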
# Functions
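#######################################
# Print an informational message with a blue [INFO] tag.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stdout
#######################################
print_status() {
  # %b renders the escapes stored in the colour variables; %s prints the
  # message verbatim, so backslashes inside it are never interpreted.
  printf '%b[INFO]%b %s\n' "${BLUE}" "${NC}" "$1"
}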
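#######################################
# Print a success message with a green [SUCCESS] tag.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stdout
#######################################
print_success() {
  # The message goes through %s so its content is printed literally.
  printf '%b[SUCCESS]%b %s\n' "${GREEN}" "${NC}" "$1"
}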
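#######################################
# Print a warning with a yellow [WARNING] tag.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stderr, so warnings survive when stdout is piped
#######################################
print_warning() {
  # The message goes through %s so its content is printed literally.
  printf '%b[WARNING]%b %s\n' "${YELLOW}" "${NC}" "$1" >&2
}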
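#######################################
# Print an error with a red [ERROR] tag.
# Globals:   RED, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stderr
#######################################
print_error() {
  # The message goes through %s so its content is printed literally.
  printf '%b[ERROR]%b %s\n' "${RED}" "${NC}" "$1" >&2
}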
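#######################################
# Warn when the script is not running as root and ask whether to continue.
# Globals:   EUID (read), REPLY (written by read)
# Outputs:   warning and prompt
# Returns:   0 to continue; exits the script with status 1 when declined
#######################################
check_root() {
  if [[ $EUID -eq 0 ]]; then
    return 0
  fi

  # NOTE(review): nothing in this script calls sudo itself, so continuing
  # without root presumably fails at the first package operation - confirm.
  print_warning "This script should be run as root. Some commands may require sudo."

  # A failed read (EOF, closed stdin) counts as "no" instead of letting
  # set -e end the script at the prompt.
  if ! read -p "Continue anyway? (y/n) " -n 1 -r; then
    REPLY=""
  fi
  echo
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 1
  fi
}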
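#######################################
# Refresh the package index and upgrade installed packages.
# Outputs:   progress messages, package manager output
# Returns:   0 on success, 1 when either package step fails
#######################################
update_system() {
  print_status "Updating system packages..."

  # The steps are checked separately: in `a && b` a failure of `a` is exempt
  # from set -e, so a failed index refresh was previously reported as success.
  # apt-get is used because apt's command line is not a stable script interface.
  if ! apt-get update; then
    print_error "apt-get update failed"
    return 1
  fi
  if ! apt-get upgrade -y; then
    print_error "apt-get upgrade failed"
    return 1
  fi

  print_success "System updated"
}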
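#######################################
# Install Node.js from the NodeSource repository.
# Globals:   NODE_VERSION (read), NODE_CURRENT (written), REPLY (written)
# Outputs:   progress messages, installer output
# Returns:   0 on success or when the operator keeps the existing install,
#            non-zero when the download or the setup script fails
#######################################
install_nodejs() {
  print_status "Installing Node.js ${NODE_VERSION}..."

  if command -v node &> /dev/null; then
    NODE_CURRENT=$(node -v)
    print_warning "Node.js is already installed: $NODE_CURRENT"
    # A failed read (EOF) is treated as "no".
    if ! read -p "Reinstall/Update? (y/n) " -n 1 -r; then
      REPLY=""
    fi
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      return 0
    fi
  fi

  # Fetch the setup script completely before running it. Streaming curl into
  # bash can execute a truncated script, and a failed download used to leave
  # bash with empty input and exit status 0.
  local setup_script
  setup_script=$(mktemp)
  if ! curl -fsSL "https://deb.nodesource.com/setup_${NODE_VERSION}.x" -o "$setup_script"; then
    rm -f -- "$setup_script"
    print_error "Could not download the NodeSource setup script"
    return 1
  fi

  # NOTE(review): the script still runs with this shell's privileges on the
  # strength of HTTPS alone; no checksum or signature is verified here.
  local rc=0
  bash "$setup_script" || rc=$?
  rm -f -- "$setup_script"
  if (( rc != 0 )); then
    print_error "NodeSource setup script failed"
    return "$rc"
  fi

  apt-get install -y nodejs

  print_success "Node.js installed: $(node -v)"
  print_success "NPM installed: $(npm -v)"
}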
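#######################################
# Install MongoDB 7.0 from the mongodb.org apt repository and start it.
# Globals:   REPLY (written)
# Outputs:   progress messages, the repository line (via tee), installer output
# Returns:   0 on success or when the operator keeps the existing install,
#            non-zero when a download or lookup fails
#######################################
install_mongodb() {
  print_status "Installing MongoDB..."

  if command -v mongod &> /dev/null; then
    print_warning "MongoDB is already installed"
    # A failed read (EOF) is treated as "no".
    if ! read -p "Reinstall? (y/n) " -n 1 -r; then
      REPLY=""
    fi
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      return 0
    fi
  fi

  local keyring="/usr/share/keyrings/mongodb-server-7.0.gpg"

  # Import MongoDB public key. It is downloaded to a file first so that a
  # failed transfer stops here instead of producing an empty keyring.
  # NOTE(review): the key is trusted as downloaded; its fingerprint is not
  # compared against a known-good value.
  local armored_key
  armored_key=$(mktemp)
  if ! curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc -o "$armored_key"; then
    rm -f -- "$armored_key"
    print_error "Could not download the MongoDB signing key"
    return 1
  fi
  # --batch --yes: replace an existing keyring on the reinstall path without
  # gpg stopping to ask.
  local rc=0
  gpg --batch --yes --dearmor -o "$keyring" "$armored_key" || rc=$?
  rm -f -- "$armored_key"
  if (( rc != 0 )); then
    print_error "Could not convert the MongoDB signing key"
    return "$rc"
  fi

  # Add MongoDB repository. The codename is resolved on its own line so a
  # missing or failing lsb_release is caught instead of writing a broken entry.
  local codename
  codename=$(lsb_release -cs)
  echo "deb [ arch=amd64,arm64 signed-by=${keyring} ] https://repo.mongodb.org/apt/ubuntu ${codename}/mongodb-org/7.0 multiverse" \
    | tee /etc/apt/sources.list.d/mongodb-org-7.0.list

  # Install MongoDB
  apt-get update
  apt-get install -y mongodb-org

  # Start and enable MongoDB
  # NOTE(review): the MONGODB_URI written by create_env_template carries no
  # credentials, so this setup presumably depends on mongod listening on
  # localhost only - confirm the bind address or enable authorization.
  systemctl start mongod
  systemctl enable mongod

  print_success "MongoDB installed and started"
}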
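#######################################
# Install PM2 globally and register its systemd startup unit.
# Globals:   SUDO_USER (read), REPLY (written)
# Outputs:   progress messages, npm and pm2 output
# Returns:   0 on success or when the operator keeps the existing install
#######################################
install_pm2() {
  print_status "Installing PM2..."

  if command -v pm2 &> /dev/null; then
    print_warning "PM2 is already installed: $(pm2 -v)"
    # A failed read (EOF) is treated as "no".
    if ! read -p "Reinstall? (y/n) " -n 1 -r; then
      REPLY=""
    fi
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      return 0
    fi
  fi

  npm install -g pm2

  # Setup PM2 startup script for the account that invoked sudo. When the
  # script is started from a root login SUDO_USER is empty; the unquoted
  # original then passed "-u --hp /home/" to pm2.
  if [[ -n "${SUDO_USER:-}" ]]; then
    local pm2_home
    pm2_home=$(getent passwd "$SUDO_USER" | cut -d: -f6) || pm2_home=""
    # Fall back to the conventional location if the lookup yields nothing.
    [[ -n "$pm2_home" ]] || pm2_home="/home/$SUDO_USER"
    pm2 startup systemd -u "$SUDO_USER" --hp "$pm2_home"
  else
    print_warning "SUDO_USER is not set; skipping 'pm2 startup'. Run it for the account that will own the application."
  fi

  print_success "PM2 installed: $(pm2 -v)"
}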
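#######################################
# Install Nginx, start it and enable it at boot.
# Globals:   REPLY (written)
# Outputs:   progress messages, installer output
# Returns:   0 on success or when the operator declines to continue
#######################################
install_nginx() {
  print_status "Installing Nginx..."

  if command -v nginx &> /dev/null; then
    print_warning "Nginx is already installed"
    # A failed read (EOF) is treated as "no".
    if ! read -p "Continue anyway? (y/n) " -n 1 -r; then
      REPLY=""
    fi
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      return 0
    fi
  fi

  # apt-get rather than apt: apt's command line is not a stable script interface.
  apt-get install -y nginx
  systemctl start nginx
  systemctl enable nginx

  print_success "Nginx installed and started"
}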
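#######################################
# Install Git unless it is already present.
# Outputs:   progress messages, installer output
# Returns:   0 on success
#######################################
install_git() {
  print_status "Installing Git..."

  if command -v git &> /dev/null; then
    print_success "Git is already installed: $(git --version)"
    return 0
  fi

  # apt-get rather than apt: apt's command line is not a stable script interface.
  apt-get install -y git
  print_success "Git installed: $(git --version)"
}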
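#######################################
# Create the deployment directory and hand it to the invoking user.
# Globals:   DEPLOY_PATH (read), SUDO_USER (read)
# Outputs:   progress messages
# Returns:   0 on success
#######################################
create_deploy_directory() {
  print_status "Creating deployment directory: ${DEPLOY_PATH}"

  # Quoted so a path containing spaces or glob characters stays one argument.
  mkdir -p -- "${DEPLOY_PATH}"

  # Set ownership to the user who invoked sudo; skipped when the script was
  # started from a root login and SUDO_USER is empty.
  if [[ -n "${SUDO_USER:-}" ]]; then
    chown -R -- "$SUDO_USER:$SUDO_USER" "${DEPLOY_PATH}"
  fi

  print_success "Deployment directory created"
}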
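#######################################
# Install ufw if needed, allow SSH/HTTP/HTTPS and enable the firewall.
# Outputs:   progress messages, ufw output including the final status
# Returns:   0 on success
#######################################
setup_firewall() {
  print_status "Configuring firewall..."

  if ! command -v ufw &> /dev/null; then
    # apt-get rather than apt: apt's command line is not a stable script interface.
    apt-get install -y ufw
  fi

  # Allow SSH, HTTP, HTTPS
  # NOTE(review): SSH is assumed to listen on 22. If sshd uses another port,
  # enabling ufw would cut off the running session - confirm before use.
  # This function does not set the default incoming policy; it relies on
  # whatever ufw currently has configured.
  local rule
  for rule in 22/tcp 80/tcp 443/tcp; do
    ufw allow "$rule"
  done

  # Enable firewall (--force skips the interactive confirmation)
  ufw --force enable

  print_success "Firewall configured"
  ufw status
}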
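#######################################
# Generate an ed25519 deploy key pair in the deploy account's ~/.ssh.
# Globals:   SUDO_USER (read), SSH_DIR, DEPLOY_KEY, REPLY (written)
# Outputs:   progress messages, the public key, and - only when stdout is a
#            terminal - the private key
# Returns:   0 on success or when the operator keeps the existing key
#######################################
generate_deploy_key() {
  print_status "Generating SSH deploy key..."

  # Resolve the owning account and its home directory. Without sudo
  # SUDO_USER is empty and the old path collapsed to /home/.ssh.
  local owner owner_home
  owner=${SUDO_USER:-$(id -un)}
  owner_home=$(getent passwd "$owner" | cut -d: -f6) || owner_home=""
  [[ -n "$owner_home" ]] || owner_home="/home/$owner"

  SSH_DIR="$owner_home/.ssh"
  DEPLOY_KEY="$SSH_DIR/turbotrades_deploy_key"

  if [ -f "$DEPLOY_KEY" ]; then
    print_warning "Deploy key already exists at $DEPLOY_KEY"
    # A failed read (EOF) is treated as "no".
    if ! read -p "Generate new key? (y/n) " -n 1 -r; then
      REPLY=""
    fi
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      return 0
    fi
    # Replacement was confirmed above; remove the old pair so ssh-keygen
    # does not stop to ask a second overwrite question.
    rm -f -- "$DEPLOY_KEY" "$DEPLOY_KEY.pub"
  fi

  mkdir -p -- "$SSH_DIR"
  # -N "": no passphrase, so anyone who can read the file can use the key.
  ssh-keygen -t ed25519 -C "deploy@turbotrades" -f "$DEPLOY_KEY" -N ""

  chown -R -- "$owner:$owner" "$SSH_DIR"
  chmod 700 -- "$SSH_DIR"
  chmod 600 -- "$DEPLOY_KEY"
  chmod 644 -- "$DEPLOY_KEY.pub"

  print_success "Deploy key generated!"
  echo ""
  # NOTE(review): these banners mention GitHub while print_next_steps points
  # at a Gitea instance - confirm which wording is intended.
  # NOTE(review): if CI is meant to log in to this server with the key, the
  # public half would also have to be in the account's authorized_keys; this
  # script does not add it - confirm.
  print_status "=== PUBLIC KEY (Add to GitHub Deploy Keys) ==="
  cat -- "$DEPLOY_KEY.pub"
  echo ""

  # Print the private key only to an interactive terminal. When output is
  # piped or captured (tee, CI job log, typescript) it would otherwise be
  # stored in clear text wherever that output ends up.
  if [[ -t 1 ]]; then
    print_status "=== PRIVATE KEY (Add to GitHub Secrets as SSH_PRIVATE_KEY) ==="
    cat -- "$DEPLOY_KEY"
    echo ""
  else
    print_warning "Output is not a terminal; private key not printed. Copy it from $DEPLOY_KEY"
  fi
  print_warning "Save these keys securely!"
}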
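#######################################
# Write the .env.example template into the deployment directory.
# Globals:   DEPLOY_PATH (read), SUDO_USER (read), ENV_FILE (written)
# Outputs:   progress messages
# Returns:   0 on success
#######################################
create_env_template() {
  print_status "Creating .env template..."

  ENV_FILE="${DEPLOY_PATH}/.env.example"

  # NOTE(review): STEAM_RETURN_URL below targets port 3000 over plain http,
  # while setup_firewall opens only 22/80/443 and create_nginx_config proxies
  # /auth on port 80 - confirm the callback URL. HOST=0.0.0.0 also binds the
  # app on every interface although Nginx reaches it via localhost.
  # The two *_SECRET values are placeholders and must be replaced with
  # independently generated random strings before the app is started.
  cat > "$ENV_FILE" << 'EOF'
# Server Configuration
NODE_ENV=production
PORT=3000
HOST=0.0.0.0

# Database
MONGODB_URI=mongodb://localhost:27017/turbotrades

# Session Secret (Generate a secure random string)
SESSION_SECRET=change-this-to-a-random-string

# Steam API
STEAM_API_KEY=your-steam-api-key-here
STEAM_RETURN_URL=http://178.63.127.19:3000/auth/steam/return

# JWT Secret (Generate a secure random string)
JWT_SECRET=change-this-to-a-random-string
JWT_ACCESS_EXPIRY=15m
JWT_REFRESH_EXPIRY=7d

# CORS
CORS_ORIGIN=http://178.63.127.19

# Redis (if using)
REDIS_URL=redis://localhost:6379

# Admin Steam IDs (comma-separated)
ADMIN_STEAM_IDS=76561198000000000

# Bot Configuration
STEAM_BOT_USERNAME=your-bot-username
STEAM_BOT_PASSWORD=your-bot-password
STEAM_BOT_SHARED_SECRET=your-bot-shared-secret
STEAM_BOT_IDENTITY_SECRET=your-bot-identity-secret

# CSGOFloat API (optional)
CSGOFLOAT_API_KEY=your-csgofloat-api-key

# Pricing API (optional)
PRICING_API_KEY=your-pricing-api-key
EOF

  # The operator is told to `cp` this file to .env; cp creates the copy with
  # the source's mode, so a 0600 template keeps the real secrets file from
  # being world-readable.
  chmod 600 -- "$ENV_FILE"
  # The directory was handed to SUDO_USER earlier; give the template the same
  # owner so that account can still read it.
  if [[ -n "${SUDO_USER:-}" ]]; then
    chown -- "$SUDO_USER:$SUDO_USER" "$ENV_FILE"
  fi

  print_success ".env template created at $ENV_FILE"
  print_warning "Remember to create ${DEPLOY_PATH}/.env with actual values!"
}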
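#######################################
# Write the Nginx site for TurboTrades, enable it and restart Nginx.
# Globals:   NGINX_CONFIG (written)
# Outputs:   progress messages, `nginx -t` output
# Returns:   0 on success; under set -e a failing `nginx -t` stops the script
#            before the restart
#######################################
create_nginx_config() {
  print_status "Creating Nginx configuration..."

  NGINX_CONFIG="/etc/nginx/sites-available/turbotrades"

  # NOTE(review): the site listens on port 80 only. setup_firewall opens 443,
  # but no TLS server block is written here, so the /auth and /api traffic
  # would travel in clear text unless TLS is terminated elsewhere - confirm.
  cat > "$NGINX_CONFIG" << 'EOF'
server {
    listen 80;
    server_name 178.63.127.19;

    client_max_body_size 10M;

    # Frontend (Vite build)
    location / {
        root /var/www/turbotrades/frontend/dist;
        try_files $uri $uri/ /index.html;

        # Cache static assets
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
            # add_header directives are inherited only by levels that define
            # none of their own, so the security headers are repeated here.
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-XSS-Protection "1; mode=block" always;
        }
    }

    # Backend API
    location /api {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    # WebSocket support
    location /ws {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Auth routes
    location /auth {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
}
EOF

  # Enable the site
  ln -sf -- "$NGINX_CONFIG" /etc/nginx/sites-enabled/turbotrades

  # Test Nginx configuration before touching the running service
  nginx -t

  # Restart Nginx
  systemctl restart nginx

  print_success "Nginx configuration created and enabled"
}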
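#######################################
# Create the application's logs directory under the deployment path.
# Globals:   DEPLOY_PATH (read), SUDO_USER (read), LOG_DIR (written)
# Outputs:   progress messages
# Returns:   0 on success
#######################################
create_logs_directory() {
  print_status "Creating logs directory..."

  LOG_DIR="${DEPLOY_PATH}/logs"
  # Quoted so a path containing spaces or glob characters stays one argument.
  mkdir -p -- "$LOG_DIR"

  # Hand the directory to the user who invoked sudo, when there is one.
  if [[ -n "${SUDO_USER:-}" ]]; then
    chown -R -- "$SUDO_USER:$SUDO_USER" "$LOG_DIR"
  fi

  print_success "Logs directory created at $LOG_DIR"
}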
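#######################################
# Print the manual follow-up steps after the automated setup.
# Globals:   SERVER_IP, DEPLOY_PATH, SUDO_USER (read)
# Outputs:   the checklist on stdout
#######################################
print_next_steps() {
  # Suggest the account that owns the deploy directory and key as the SSH
  # login. Under sudo `whoami` reports root, which would steer the CI login
  # to root although the files were handed to SUDO_USER.
  # NOTE(review): presumably the deploy job is meant to run as that
  # unprivileged account - confirm.
  local ssh_user
  ssh_user=${SUDO_USER:-$(whoami)}

  echo ""
  echo "=========================================="
  print_success "Server setup complete!"
  echo "=========================================="
  echo ""
  print_status "Next steps:"
  echo ""
  cat <<EOF
1. Add the deploy key to Gitea:
 - Go to: https://git.turbotrades.dev/iDefineHD/TurboTrades/settings/keys
 - Add the PUBLIC key shown above

2. Add Repository Secrets:
 - Go to: https://git.turbotrades.dev/iDefineHD/TurboTrades/settings
 - Add these secrets:
 - SERVER_HOST: ${SERVER_IP}
 - SERVER_USER: ${ssh_user}
 - SERVER_PORT: 22
 - SSH_PRIVATE_KEY: (the private key shown above)
 - DEPLOY_PATH: ${DEPLOY_PATH}

3. Clone your repository:
 cd ${DEPLOY_PATH}
 git clone https://git.turbotrades.dev/iDefineHD/TurboTrades.git .

4. Create .env file:
 cp ${DEPLOY_PATH}/.env.example ${DEPLOY_PATH}/.env
 nano ${DEPLOY_PATH}/.env
 (Fill in your actual configuration)

5. Install dependencies and build:
 cd ${DEPLOY_PATH}
 npm ci --production
 cd frontend && npm ci && npm run build && cd ..

6. Start the application:
 pm2 start ecosystem.config.js --env production
 pm2 save

7. Visit your application:
 http://${SERVER_IP}

EOF
  print_success "Setup complete! 🎉"
}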
#######################################
# Entry point: print the banner, confirm privileges, run every setup step in
# order, then print the follow-up checklist.
# Globals:   SERVER_IP (read)
#######################################
main() {
  local rule_line="=========================================="

  echo "$rule_line"
  echo " TurboTrades Server Setup"
  echo " Server: ${SERVER_IP}"
  echo "$rule_line"
  echo ""

  check_root

  print_status "Starting server setup..."
  echo ""

  # Setup steps, executed strictly in this order. Under set -e a step that
  # returns non-zero ends the script.
  local -a setup_steps=(
    update_system
    install_nodejs
    install_mongodb
    install_pm2
    install_nginx
    install_git
    create_deploy_directory
    setup_firewall
    generate_deploy_key
    create_env_template
    create_nginx_config
    create_logs_directory
  )
  local setup_step
  for setup_step in "${setup_steps[@]}"; do
    "$setup_step"
  done

  # Print next steps
  print_next_steps
}

# Run main function
main