From: Christian Heller Date: Fri, 23 Dec 2022 23:05:09 +0000 (+0100) Subject: Add basic microblog.pub setup. X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/%7B%7Btodo.comment%7D%7D?a=commitdiff_plain;h=118c58477dea1bbcbf1d7768469f43839f249a80;p=config Add basic microblog.pub setup.
---
diff --git a/bullseye/etc_files/microblogpub/etc/nginx/sites-available/microblogpub.nginx b/bullseye/etc_files/microblogpub/etc/nginx/sites-available/microblogpub.nginx
new file mode 100644
index 0000000..36e2447
--- /dev/null
+++ b/bullseye/etc_files/microblogpub/etc/nginx/sites-available/microblogpub.nginx
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl;
+ client_max_body_size 4G;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_pass http://localhost:8000;
+ }
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
diff --git a/bullseye/setup_scripts/setup_microblogpub.sh b/bullseye/setup_scripts/setup_microblogpub.sh
new file mode 100755
index 0000000..814f6b9
--- /dev/null
+++ b/bullseye/setup_scripts/setup_microblogpub.sh
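Review bot: In `location /`, `proxy_set_header Host $http_host;` hands the backend whatever Host header the client sent, and as this is the only `listen 443` server in the file it will probably also answer requests for names other than `server_name`. If the application derives URLs or ActivityPub identifiers from Host, that allows host-header injection; `proxy_set_header Host $server_name;` pins it to the configured FQDN. `$proxy_add_x_forwarded_for` likewise appends to a client-supplied list, so the backend should trust only the last entry. `client_max_body_size 4G;` is a very large upload ceiling for an internet-facing endpoint and deserves either a lower value or a comment giving the reason.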
@@ -0,0 +1,47 @@
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -ne 3 ] && [ "$#" -ne 4 ]; then
+ echo 'Need domain name and mail and init state and possibly old server IP as argument.'
+ false
+fi
+if [ ! "$3" = "copy" ] && [ ! "$3" = "new" ]; then
+ echo "Need init state to be either 'copy' or 'new'."
+ false
+fi
+if [ ! "$3" = "new" ] && [ "$#" -ne 4 ]; then
+ echo "With init state != 'new' need fifth argument old server IP."
+ false
+fi
+domain="$1"
+mail="$2"
+init_state="$3"
+old_server="$4"
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh web
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web microblogpub
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Install Python 3.10 from source (Bullseye only has 3.9).
+apt build-dep python3
+python_version=3.11.1
+python_dirname="Python-3.1.11.1"
+su -lc "wget https://www.python.org/ftp/python/3.11.1/${python_dirname}.tgz" plom
+su -lc "tar -xvf ${python_dirname}.tgz" plom
+su -lc "cd ${python_dirname} && ./configure && make && make test"
+cd /home/plom/${python_dirname}/
+make altinstall
+cd
+
+# Prepare and start NGINX config.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/microblogpub.nginx
+ln -s /etc/nginx/sites-available/microblogpub.nginx /etc/nginx/sites-enabled/microblogpub.nginx
+service nginx restart
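Review bot: The Python build block downloads a source tarball and later runs `make altinstall` as root without any integrity check, so the install trusts whatever the download returned; a pinned digest (or the release signature) should be verified before unpacking. The `./configure && make && make test` line is also missing the trailing `plom`, so `su` falls back to its default target (root) and starts in a different home directory than the one the tarball was unpacked in. Separately, `python_dirname="Python-3.1.11.1"` looks like a typo for `Python-3.11.1`, which would make the download fail, `python_version` is never used, and the comment still says 3.10. The third usage message says "fifth argument" where the check is for a fourth.

```shell
python_version=3.11.1
python_dirname="Python-${python_version}"
# Placeholder: pin the digest recorded after verifying the release signature.
python_sha256="<PINNED_SHA256_PLACEHOLDER>"
su -lc "wget https://www.python.org/ftp/python/${python_version}/${python_dirname}.tgz" plom
su -lc "echo '${python_sha256}  ${python_dirname}.tgz' | sha256sum -c -" plom
# … unchanged: tar -xvf as plom …
su -lc "cd ${python_dirname} && ./configure && make && make test" plom
# … unchanged: cd to the build directory, make altinstall …
```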