
install.sh 4.2KB

  1. #!/bin/bash
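  # Stop at the first failing command instead of carrying on half-installed.
  set -o errexit

  # The directory the installer is started from is where the app lives.
  INSTALL_DIR=$(pwd)
  OPENRESTY_VERSION=1.13.6.1
  LUAROCKS_VERSION=2.4.1

  # Database password: 12 bytes from /dev/urandom, base64-encoded to 16
  # characters from [A-Za-z0-9+/], so it needs no escaping inside the
  # single-quoted SQL and MoonScript strings it is written into further down.
  POSTGRES_PASSWORD=$(head -c 12 /dev/urandom | base64)

  # Any first argument other than "dev" means a production install, which asks
  # for the certificate contact, the public host name and the backend port.
  # read -r keeps backslashes in the answers literal.
  if [ "$1" != "dev" ]
  then
    read -r -p "Enter email address for use with certbot-auto: " EMAIL_ADDRESS
    read -r -p "Enter the domain name this will be running on: " DOMAIN_NAME
    read -r -p "Enter the port this will be running on: " PORT
  fi

  # Defaults for dev installs and for prompts answered with an empty line.
  EMAIL_ADDRESS=${EMAIL_ADDRESS:-noone@example.com}
  DOMAIN_NAME=${DOMAIN_NAME:-localhost}
  PORT=${PORT:-9872}

  # DOMAIN_NAME and PORT are pasted verbatim into an nginx server block, a
  # certificate path and secret.moon later in this script. Refuse anything
  # that is not a plain host name or a TCP port number so a stray ';', quote
  # or space cannot change the meaning of those files.
  domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! $DOMAIN_NAME =~ $domain_re ]]
  then
    echo "Invalid domain name: $DOMAIN_NAME" >&2
    exit 1
  fi
  # 10# forces base 10 so a leading zero is not read as octal.
  if [[ ! $PORT =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 ))
  then
    echo "Invalid port: $PORT" >&2
    exit 1
  fi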
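  ### PREREQUISITES ###
  sudo apt-get update

  # nginx is only installed for non-dev runs, where it fronts the app as the
  # TLS proxy configured at the end of this script.
  if ! command -v nginx >/dev/null 2>&1 && [ "$1" != "dev" ]
  then
    sudo apt-get install nginx -y
  fi

  if ! command -v certbot-auto >/dev/null 2>&1 && [ "$1" != "dev" ]
  then
    # NOTE(review): this script is later executed with sudo, yet it is fetched
    # with no signature or checksum verification; HTTPS only authenticates the
    # download host. certbot-auto has also been deprecated upstream - confirm
    # the URL still serves a maintained script, or switch to a packaged
    # certbot.
    #
    # Download into a private temp dir rather than the working directory, and
    # install it owned by root: a plain `sudo mv` would leave a root-executed
    # program in /bin that the invoking account can still rewrite.
    certbot_tmp=$(mktemp -d)
    wget -O "$certbot_tmp/certbot-auto" https://dl.eff.org/certbot-auto
    sudo install -o root -g root -m 0755 "$certbot_tmp/certbot-auto" /bin/certbot-auto
    rm -rf -- "$certbot_tmp"
  fi

  if ! command -v psql >/dev/null 2>&1
  then
    sudo apt-get install postgresql -y
  fi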
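  # Build OpenResty from source when the binary is not on PATH or its install
  # prefix is missing. The build happens in the parent of the install dir.
  if ! command -v openresty >/dev/null 2>&1 || [ ! -d '/usr/local/openresty' ]
  then
    sudo apt-get install wget curl lua5.1 liblua5.1-0-dev zip unzip libreadline-dev libncurses5-dev libpcre3-dev openssl libssl-dev perl make build-essential -y
    cd ..
    openresty_tarball="openresty-$OPENRESTY_VERSION.tar.gz"
    wget "https://openresty.org/download/$openresty_tarball"

    # Supply-chain check: the tarball is configured, built and then installed
    # as root, so pin its digest. Export OPENRESTY_SHA256 with the value
    # published for this release, e.g.
    #   OPENRESTY_SHA256=<sha256-of-release-tarball> ./install.sh
    # Without it the build still proceeds (as before), but says so loudly.
    if [ -n "${OPENRESTY_SHA256:-}" ]
    then
      if ! echo "$OPENRESTY_SHA256  $openresty_tarball" | sha256sum -c -
      then
        echo "Checksum mismatch for $openresty_tarball, aborting" >&2
        exit 1
      fi
    else
      echo "WARNING: OPENRESTY_SHA256 not set; $openresty_tarball is unverified" >&2
    fi

    tar xvf "$openresty_tarball"
    cd "openresty-$OPENRESTY_VERSION"
    ./configure
    make
    sudo make install
    cd ..
    # Removes both the unpacked tree and the tarball.
    rm -rf "openresty-$OPENRESTY_VERSION"*
    cd "$INSTALL_DIR"
  fi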
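  # Build LuaRocks from source when it is not already on PATH. The build
  # happens in the parent of the install dir.
  if ! command -v luarocks >/dev/null 2>&1
  then
    sudo apt-get install wget curl lua5.1 liblua5.1-0-dev zip unzip libreadline-dev libncurses5-dev libpcre3-dev openssl libssl-dev perl make build-essential -y
    cd ..
    luarocks_tarball="luarocks-$LUAROCKS_VERSION.tar.gz"
    wget "https://keplerproject.github.io/luarocks/releases/$luarocks_tarball"

    # Supply-chain check: this package manager is installed as root and then
    # used (via sudo) to install every Lua dependency, so pin its digest.
    # Export LUAROCKS_SHA256 with the value published for this release, e.g.
    #   LUAROCKS_SHA256=<sha256-of-release-tarball> ./install.sh
    # Without it the build still proceeds (as before), but says so loudly.
    if [ -n "${LUAROCKS_SHA256:-}" ]
    then
      if ! echo "$LUAROCKS_SHA256  $luarocks_tarball" | sha256sum -c -
      then
        echo "Checksum mismatch for $luarocks_tarball, aborting" >&2
        exit 1
      fi
    else
      echo "WARNING: LUAROCKS_SHA256 not set; $luarocks_tarball is unverified" >&2
    fi

    tar xvf "$luarocks_tarball"
    cd "luarocks-$LUAROCKS_VERSION"
    ./configure
    make build
    sudo make install
    cd ..
    # Removes both the unpacked tree and the tarball.
    rm -rf "luarocks-$LUAROCKS_VERSION"*
    cd "$INSTALL_DIR"
  fi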
  # Lua dependencies, installed system-wide one after another:
  #   luacrypto     - needed for pgmoon, but apparently not installed
  #                   automatically
  #   lapis         - web framework
  #   moonscript    - provides the moonc compiler used below
  #   bcrypt        - password hashing
  #   lapis-console - not used yet, but planned
  # NOTE(review): no versions are pinned, so every run installs (as root)
  # whatever the rocks server currently offers under these names.
  for rock in luacrypto lapis moonscript bcrypt lapis-console
  do
    sudo luarocks install "$rock"
  done
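  # Certificate / TLS Security
  # Production only: obtain a certificate for DOMAIN_NAME and generate the
  # DH parameters that the nginx proxy config points at.
  if [ "$1" != "dev" ]
  then
    # nginx is stopped for the duration of the --standalone challenge and
    # started again afterwards.
    sudo nginx -s stop
    # The address and domain come straight from the prompts; quote them so
    # whitespace or a leading '-' in an answer cannot turn into extra options
    # on a command that runs as root.
    sudo certbot-auto certonly --standalone --agree-tos --no-eff-email -n -m "$EMAIL_ADDRESS" -d "$DOMAIN_NAME"
    sudo nginx
    # 2048-bit parameters for the DHE ("EDH") suites in the cipher list.
    openssl dhparam -out ./dhparams.pem 2048
  fi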
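  # Database access
  # Create the application role and database, then set the role's password
  # and grant it rights on its own database.
  sudo -u postgres createuser simplex
  sudo -u postgres createdb simplex
  # The SQL is fed to psql on stdin instead of through `bash -c '... -c "..."'`:
  # a password placed on a command line is visible to every local user in the
  # process list while the command runs. printf is a shell builtin, so nothing
  # here puts the password into another process's arguments.
  # ON_ERROR_STOP makes psql exit non-zero on a failed statement when reading
  # a script from stdin, so errexit still catches a failure.
  # The password is base64 text and therefore contains no single quote.
  printf '%s\n' \
    "ALTER USER simplex WITH ENCRYPTED PASSWORD '$POSTGRES_PASSWORD';" \
    "GRANT ALL PRIVILEGES ON DATABASE simplex TO simplex;" |
    sudo -u postgres psql -v ON_ERROR_STOP=1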
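  # Secrets setup
  # secret.moon holds the database password and the session secret. Write it
  # under a restrictive umask so it is never world-readable, not even
  # briefly; the subshell keeps the umask change from leaking into the rest
  # of the script.
  # The session secret is 32 random bytes (previously 12).
  session_secret=$(head -c 32 /dev/urandom | base64)
  (
    umask 077
    printf '%s\n' \
      "{" \
      "  sql_password: '$POSTGRES_PASSWORD'" \
      "  session_secret: '$session_secret'" \
      "  _domain: '$DOMAIN_NAME'" \
      "  _port: $PORT" \
      "}" > ./secret.moon
  )

  # Compile, Change owner, Run migrations
  moonc .
  sudo chown -R www-data:www-data ./
  lapis migrate production

  # moonc normally writes the compiled copy of secret.moon next to it as
  # secret.lua, created with the default umask. Tighten it only after the
  # migration: that step runs as the invoking user, who is no longer the
  # owner once the chown above has happened.
  # NOTE(review): assumes the service account (www-data) is the only reader
  # needed from here on - confirm for dev setups.
  if [ -f ./secret.lua ]
  then
    sudo chmod 600 ./secret.lua
  fi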
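  # As-a-Service
  # Production only: register the app as a systemd unit running as www-data
  # and put an nginx TLS proxy in front of it.
  if [ "$1" != "dev" ]
  then
    lapis_bin=$(command -v lapis)

    # `sudo echo ... > file` does not work as intended: the redirection is
    # performed by the calling (unprivileged) shell, so the write under /etc
    # fails unless the whole script already runs as root. Pipe through
    # `sudo tee` so the file itself is opened with root privileges.
    printf '%s\n' \
      "[Unit]" \
      "Description=simplex server" \
      "[Service]" \
      "User=www-data" \
      "Type=forking" \
      "WorkingDirectory=$INSTALL_DIR" \
      "ExecStart=$lapis_bin server production" \
      "ExecReload=$lapis_bin build production" \
      "ExecStop=$lapis_bin term" \
      "[Install]" \
      "WantedBy=multi-user.target" |
      sudo tee /etc/systemd/system/simplex.service >/dev/null
    sudo systemctl daemon-reload
    sudo systemctl enable simplex.service
    sudo service simplex start

    # Proxy
    # TLS-terminating reverse proxy to the app on 127.0.0.1:$PORT.
    # - ssl_protocols no longer offers TLSv1 / TLSv1.1, which are deprecated
    #   and allow protocol downgrade; add TLSv1.3 where the installed
    #   nginx/OpenSSL build supports it.
    # - $DOMAIN_NAME and $PORT are interpolated verbatim into this file.
    # - NOTE(review): the HSTS header carries `preload` without
    #   includeSubDomains (left out on purpose, see the inline comment);
    #   preload-list submission normally requires both - confirm the intent.
    printf '%s\n' \
      "server {" \
      "  listen 443 ssl;" \
      "  server_name $DOMAIN_NAME;" \
      '  add_header Strict-Transport-Security "max-age=63072000; preload"; # DO NOT includeSubDomains; (some subdomains intentionally served over HTTP for now)' \
      "  add_header X-Frame-Options DENY;" \
      "  add_header X-Content-Type-Options nosniff;" \
      "  ssl_certificate /etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem;" \
      "  ssl_certificate_key /etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem;" \
      "  ssl_protocols TLSv1.2;" \
      "  ssl_prefer_server_ciphers on;" \
      '  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";' \
      "  ssl_ecdh_curve secp384r1;" \
      "  ssl_session_cache shared:SSL:10m;" \
      "  ssl_session_tickets off;" \
      "  ssl_stapling on;" \
      "  ssl_stapling_verify on;" \
      "  ssl_dhparam $INSTALL_DIR/dhparams.pem;" \
      "  location / {" \
      "    proxy_pass http://127.0.0.1:$PORT;" \
      "  }" \
      "}" |
      sudo tee /etc/nginx/sites-enabled/simplex-proxy.conf >/dev/null
    sudo nginx -s reload
  fi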