add production server deployment script
This commit is contained in:
parent
38098c048a
commit
39f69a88f2
|
@ -1 +1,2 @@
|
|||
config
|
||||
notes.txt
|
||||
|
|
|
@ -0,0 +1,154 @@
|
|||
#!/bin/sh
|
||||
|
||||
# TODO basic error checking
|
||||
# TODO verbosity
|
||||
|
||||
_lets_encrypt_email="wptest@isnet.uk"
|
||||
_server_base_url="wptest.isnet.uk"
|
||||
|
||||
# add user
|
||||
useradd -m -s /bin/bash ray
|
||||
groupadd docker
|
||||
usermod -aG docker ray
|
||||
mkdir /home/ray/.ssh
|
||||
cp /root/.ssh/authorized_keys /home/ray/.ssh/
|
||||
chown ray: /home/ray/.ssh/authorized_keys
|
||||
|
||||
apt-get update
|
||||
apt-get install \
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg2 \
|
||||
software-properties-common \
|
||||
apache2-utils \
|
||||
ufw
|
||||
|
||||
ufw allow ssh
|
||||
ufw allow http
|
||||
ufw allow https
|
||||
ufw enable
|
||||
|
||||
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
|
||||
add-apt-repository \
|
||||
"deb [arch=amd64] https://download.docker.com/linux/debian \
|
||||
$(lsb_release -cs) \
|
||||
stable"
|
||||
apt-get update
|
||||
apt-get install docker-ce docker-ce-cli containerd.io
|
||||
|
||||
curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
echo "Basic HTTP authorisation password for user: ray"
|
||||
_HT_PASSWD=$(htpasswd -nB ray | sed -e 's/\$/\$\$/g')
|
||||
|
||||
docker network create web
|
||||
|
||||
mkdir -p /var/docker/traefik
|
||||
mkdir -p /var/docker/portainer
|
||||
touch /var/docker/traefik/acme.json
|
||||
chmod 600 /var/docker/traefik/acme.json
|
||||
|
||||
cd /var/docker/traefik || exit 20
|
||||
echo "api:
|
||||
dashboard: true
|
||||
|
||||
entryPoints:
|
||||
http:
|
||||
address: \":80\"
|
||||
https:
|
||||
address: \":443\"
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: \"unix:///var/run/docker.sock\"
|
||||
exposedByDefault: false
|
||||
|
||||
certificatesResolvers:
|
||||
http:
|
||||
acme:
|
||||
email: $_lets_encrypt_email
|
||||
storage: acme.json
|
||||
httpChallenge:
|
||||
entryPoint: http
|
||||
" > traefik.yml
|
||||
|
||||
echo "version: '3'
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.0
|
||||
container_name: traefik
|
||||
restart: unless-stopped
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
networks:
|
||||
- web
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./traefik.yml:/traefik.yml:ro
|
||||
- ./acme.json:/acme.json
|
||||
labels:
|
||||
- \"traefik.enable=true\"
|
||||
- \"traefik.http.routers.traefik.entrypoints=http\"
|
||||
- \"traefik.http.routers.traefik.rule=Host(\`$_server_base_url\`)\"
|
||||
- \"traefik.http.middlewares.traefik-auth.basicauth.users=$_HT_PASSWD\"
|
||||
- \"traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https\"
|
||||
- \"traefik.http.routers.traefik.middlewares=traefik-https-redirect\"
|
||||
- \"traefik.http.routers.traefik-secure.entrypoints=https\"
|
||||
- \"traefik.http.routers.traefik-secure.rule=Host(\`$_server_base_url\`)\"
|
||||
- \"traefik.http.routers.traefik-secure.middlewares=traefik-auth\"
|
||||
- \"traefik.http.routers.traefik-secure.tls=true\"
|
||||
- \"traefik.http.routers.traefik-secure.tls.certresolver=http\"
|
||||
- \"traefik.http.routers.traefik-secure.service=api@internal\"
|
||||
|
||||
networks:
|
||||
web:
|
||||
external: true
|
||||
" >> docker-compose.yml
|
||||
docker-compose up -d
|
||||
|
||||
cd /var/docker/portainer || exit 30
|
||||
# create /var/docker/portainer/docker-compose.yml
|
||||
_portainer_url="portainer.$_server_base_url"
|
||||
echo "version: '3'
|
||||
|
||||
services:
|
||||
portainer:
|
||||
image: portainer/portainer:latest
|
||||
container_name: portainer
|
||||
restart: unless-stopped
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
networks:
|
||||
- web
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./data:/data
|
||||
labels:
|
||||
- \"traefik.enable=true\"
|
||||
- \"traefik.http.routers.portainer.entrypoints=http\"
|
||||
- \"traefik.http.routers.portainer.rule=Host(\`$_portainer_url\`)\"
|
||||
- \"traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https\"
|
||||
- \"traefik.http.routers.portainer.middlewares=portainer-https-redirect\"
|
||||
- \"traefik.http.routers.portainer-secure.entrypoints=https\"
|
||||
- \"traefik.http.routers.portainer-secure.rule=Host(\`$_portainer_url\`)\"
|
||||
- \"traefik.http.routers.portainer-secure.tls=true\"
|
||||
- \"traefik.http.routers.portainer-secure.tls.certresolver=http\"
|
||||
- \"traefik.http.routers.portainer-secure.service=portainer\"
|
||||
- \"traefik.http.services.portainer.loadbalancer.server.port=9000\"
|
||||
- \"traefik.docker.network=web\"
|
||||
|
||||
networks:
|
||||
web:
|
||||
external: true
|
||||
" >> docker-compose.yml
|
||||
docker-compose up -d
|
||||
echo "VISIT PORTAINER URL NOW TO SET INITIAL LOGIN:" # or see if can set from script
|
||||
echo " https://$_portainer_url"
|
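Review bot: The Portainer stack at the end of the hunk is published on `https://$_portainer_url` with no auth middleware while its initial admin account is still unset (the final echo asks the operator to go and claim it after `docker-compose up -d`), so whoever reaches that URL first owns a service that holds `/var/run/docker.sock` (the `:ro` on a socket bind does not restrict API calls) and with it the host; set the credential before exposure, e.g. via Portainer's `--admin-password-file` pointing at a root-only file the script writes, or attach the existing `traefik-auth` basic-auth middleware to the `portainer-secure` router until setup is done. The docker-compose binary is fetched with `curl -L` and made executable without any checksum or signature check, and `curl ... | sudo apt-key add -` trusts whatever the download returns; both should be verified against a known value (the release's published sha256 for compose, the key fingerprint for the apt key). Both `docker-compose.yml` files are written with `>>`, so a re-run appends a second copy of the service definition and breaks the compose file — `>` as used for `traefik.yml` is what is meant. `ufw enable` and the two `apt-get install` calls also prompt interactively, so with no `set -e` the script can hang or continue past a failure (leaving `_HT_PASSWD` empty if `htpasswd` is missing); `ufw --force enable`, `apt-get install -y` and `set -eu` after the shebang make it unattended and fail-closed.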