diff --git a/install.sh b/install.sh index ba78e0d..eafa420 100644 --- a/install.sh +++ b/install.sh @@ -2,12 +2,12 @@ source ./user/create_user.sh source ./user/ssh_config.sh -source ./web/install_nginx.sh +source ./web/install_caddy.sh source ./web/setup_ufw.sh source ./docker/install_docker.sh source ./utils/install_vim.sh source ./utils/install_zsh.sh -source ./monitoring/install_prometehus.sh +source ./monitoring/install_prometheus.sh chmod +x ./user/create_user.sh chmod +x ./user/ssh_config.sh @@ -16,7 +16,7 @@ chmod +x ./web/setup_ufw.sh chmod +x ./docker/install_docker.sh chmod +x ./utils/install_vim.sh chmod +x ./utils/install_zsh.sh -chmod +x ./monitoring/install_prometehus.sh +chmod +x ./monitoring/install_prometheus.sh if [ -z "$1" ]; then echo "Usage: $0 " @@ -27,7 +27,7 @@ fi install_docker # Web -install_nginx +install_caddy $1 setup_ufw # User @@ -39,4 +39,4 @@ install_vim install_zsh $1 # Monitoring -install_prometehus $1 +install_prometheus $1 diff --git a/monitoring/install_prometehus.sh b/monitoring/install_prometehus.sh deleted file mode 100644 index 710d4ed..0000000 --- a/monitoring/install_prometehus.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -function install_prometehus() { - REPO_URL="https://raw.githubusercontent.com/elAgala/monitoring-template/master" - username="$1" - monitoring_dir="/home/$username/monitoring" - - echo "[ MONITOR ]: Starting Prometehus setup" - mkdir -p "$monitoring_dir" - wget "$REPO_URL/docker-compose.yml" -O "$monitoring_dir/docker-compose.yml" - wget "$REPO_URL/prometheus.yml" -O "$monitoring_dir/prometheus.yml" - cd "$monitoring_dir" - echo "[ MONITOR ]: Prometheus Installed. Starting on docker container" - sudo docker-compose up -d - echo "[ MONITOR ]: Prometehus up & running on port 9090" -} diff --git a/monitoring/install_prometheus.sh b/monitoring/install_prometheus.sh new file mode 100644 index 0000000..36245a3 --- /dev/null +++ b/monitoring/install_prometheus.sh 
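Review bot: `install_caddy $1` passes the username unquoted, and the only check on `$1` visible in these hunks is the `-z` test, so a value containing whitespace, `/` or `..` flows into the `/home/$username/...` paths built by the installers and into the `sudo chown -R` added in user/create_user.sh. Validate it once before the install steps, for example `case "$1" in *[!a-z0-9_-]*) echo "invalid username" >&2; exit 1;; esac`, and call `install_caddy "$1"`. The call also sits before the `# User` step, so the caddy directory is created before the account exists. If the later recursive chown is what is meant to fix ownership, a comment here should say so.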
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+function install_prometheus() {
+ REPO_URL="https://raw.githubusercontent.com/elAgala/server-initializer/master"
+ TEMPLATE_PATH="/templates/monitoring"
+ username="$1"
+ monitoring_dir="/home/$username/monitoring"
+
+ echo "[ MONITOR ]: Starting Prometheus setup"
+ mkdir -p "$monitoring_dir"
+ wget "$REPO_URL/$TEMPLATE_PATH/docker-compose.yml" -O "$monitoring_dir/docker-compose.yml"
+ wget "$REPO_URL/$TEMPLATE_PATH/prometheus.yml" -O "$monitoring_dir/prometheus.yml"
+ cd "$monitoring_dir"
+ echo "[ MONITOR ]: Prometheus Installed. Starting on docker container"
+ sudo docker compose up -d
+ echo "[ MONITOR ]: Prometheus up & running on port 9090"
+}
diff --git a/templates/caddy/Caddyfile b/templates/caddy/Caddyfile
new file mode 100644
index 0000000..1ef68a5
--- /dev/null
+++ b/templates/caddy/Caddyfile
@@ -0,0 +1,10 @@
+# Static content server
+domain.com {
+ root * /srv/static
+ file_server
+}
+
+# Reverse proxy
+ssl.test.benitez.ar {
+ reverse_proxy * http://localhost:9090
+}
diff --git a/templates/caddy/docker-compose.yml b/templates/caddy/docker-compose.yml
new file mode 100644
index 0000000..681862a
--- /dev/null
+++ b/templates/caddy/docker-compose.yml
@@ -0,0 +1,14 @@
+services:
+ caddy:
+ image: caddy:latest
+ container_name: caddy
+ network_mode: "host" # Allow access to local networks (EX: Backend running on port 3000)
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./settings:/etc/caddy
+ - ./static:/srv/static
+ - ./caddy_data:/data
+ - ./caddy_config:/config
+ restart: unless-stopped
diff --git a/templates/monitoring/docker-compose.grafana.yml b/templates/monitoring/docker-compose.grafana.yml
new file mode 100644
index 0000000..a7ea3a9
--- /dev/null
+++ b/templates/monitoring/docker-compose.grafana.yml
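Review bot: The two `wget` calls fetch `docker-compose.yml` and `prometheus.yml` from the mutable `master` branch, and `sudo docker compose up -d` then runs whatever arrived, with no check that either download succeeded or matches a known revision. Pin `REPO_URL` to a tag or commit (`.../server-initializer/<COMMIT_SHA>`, placeholder) and stop on failure with `wget ... || return 1` and `cd "$monitoring_dir" || return 1`; as written a failed `cd` runs compose in the caller's directory. `TEMPLATE_PATH` begins with `/`, so the request URL contains `master//templates/...`; dropping the leading slash removes the reliance on the server tolerating a double slash. The same download pattern appears in web/install_caddy.sh.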
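Review bot: The `ssl.test.benitez.ar` block proxies to `http://localhost:9090`, the port the monitoring template assigns to Prometheus, with nothing authenticating the client, so anyone who can resolve that hostname can query metrics and use the Prometheus API. Put a `basic_auth` block (`basicauth` on older Caddy releases) or a client-IP matcher in front of `reverse_proxy`, and add a comment that the upstream is unauthenticated by itself. The hostname looks like a real one rather than a placeholder; using something like `monitoring.domain.com`, in line with the first block, keeps a copied template from requesting certificates for a domain the operator does not own.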
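Review bot: `network_mode: "host"` and `ports:` are both set on the `caddy` service; with host networking the container binds directly on the host and port publishing does not apply (depending on the Compose version the file is rejected or `ports` is ignored), so the `ports` list should be removed or the network mode changed. Host networking also lets the proxy reach every service bound to the host's loopback, which the inline comment should state as a deliberate trade-off. `image: caddy:latest` is unpinned, as are the `:latest` images in templates/monitoring and templates/nginx-certbot; pin a version tag or digest so a re-pull does not silently change the internet-facing component.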
@@ -0,0 +1,39 @@
+services:
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ restart: always
+ ports:
+ - "9090:9090"
+ volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml
+ networks:
+ - monitoring_net
+
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ restart: always
+ ports:
+ - "3000:3000"
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=YOUR_PASSWORD
+ - GE_SERVER_ROOT_URL=YOUR_URL
+ depends_on:
+ - prometheus
+ networks:
+ - monitoring_net
+
+ node_exporter:
+ image: prom/node-exporter:latest
+ container_name: node-exporter
+ restart: always
+ ports:
+ - "9100:9100"
+ networks:
+ - monitoring_net
+
+networks:
+ monitoring_net:
+ driver: bridge
+
diff --git a/templates/monitoring/docker-compose.yml b/templates/monitoring/docker-compose.yml
new file mode 100644
index 0000000..19a4f7b
--- /dev/null
+++ b/templates/monitoring/docker-compose.yml
@@ -0,0 +1,25 @@
+services:
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ restart: always
+ ports:
+ - "9090:9090"
+ volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml
+ networks:
+ - monitoring_net
+
+ node_exporter:
+ image: prom/node-exporter:latest
+ container_name: node-exporter
+ restart: always
+ ports:
+ - "9100:9100"
+ networks:
+ - monitoring_net
+
+networks:
+ monitoring_net:
+ driver: bridge
+
diff --git a/templates/monitoring/prometheus.yml b/templates/monitoring/prometheus.yml
new file mode 100644
index 0000000..03c9fc5
--- /dev/null
+++ b/templates/monitoring/prometheus.yml
@@ -0,0 +1,12 @@
+global:
+ scrape_interval: 5s
+
+scrape_configs:
+
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'node'
+ static_configs:
+ - targets: ['node-exporter:9100']
diff --git a/templates/nginx-certbot/docker-compose.yml b/templates/nginx-certbot/docker-compose.yml
new file mode 100644
index 0000000..7a047ab
--- /dev/null
+++ b/templates/nginx-certbot/docker-compose.yml
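Review bot: `GE_SERVER_ROOT_URL` looks like a typo for `GF_SERVER_ROOT_URL`; Grafana reads environment overrides with the `GF_` prefix, so the root URL as written would be ignored. The mappings `"9090:9090"`, `"3000:3000"` and `"9100:9100"` bind on all host interfaces, and ports published by Docker typically bypass ufw rules, so Prometheus and node-exporter would be reachable unauthenticated from outside regardless of what web/setup_ufw.sh configures (its contents are not shown here). Bind to loopback instead, e.g. `"127.0.0.1:9090:9090"`, and drop the node-exporter mapping since Prometheus scrapes it over `monitoring_net`; templates/monitoring/docker-compose.yml has the same mappings. `GF_SECURITY_ADMIN_PASSWORD=YOUR_PASSWORD` is better read from an env file kept out of the repository, so the placeholder cannot be deployed as the real admin password.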
@@ -0,0 +1,22 @@
+services:
+ nginx:
+ image: nginx:latest
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./static:/var/www/static # For static content delivery
+ - ./nginx/conf.d:/etc/nginx/conf.d # Your sites conf files
+ - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Main NginX config file
+ - ./certbot/www:/var/www/certbot
+ - ./certbot/conf:/etc/letsencrypt # Stores certificates
+ restart: unless-stopped
+ depends_on:
+ - certbot
+
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - ./certbot/www:/var/www/certbot
+ - ./certbot/conf:/etc/letsencrypt
+ restart: unless-stopped
diff --git a/templates/nginx-certbot/nginx/conf/proxy.conf b/templates/nginx-certbot/nginx/conf/proxy.conf
new file mode 100644
index 0000000..acdf9c2
--- /dev/null
+++ b/templates/nginx-certbot/nginx/conf/proxy.conf
@@ -0,0 +1,38 @@
+# Reverse proxy
+
+server {
+ listen 80;
+ server_name api.domain.com;
+ server_tokens off;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name api.domain.com;
+ server_tokens off;
+
+ ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem;
+
+ location / {
+ proxy_pass http://localhost:{LOCAL_NETWORK_PORT}/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+
+ # WebSocket support
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ # Change upload max size
+ client_max_body_size 50M;
+ }
+}
diff --git a/templates/nginx-certbot/nginx/conf/static.conf b/templates/nginx-certbot/nginx/conf/static.conf
new file mode 100644
index 0000000..4a645ac
--- /dev/null
+++ b/templates/nginx-certbot/nginx/conf/static.conf
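Review bot: The nginx service mounts `./nginx/conf.d` into `/etc/nginx/conf.d`, but the site files added in this commit live under `templates/nginx-certbot/nginx/conf/`, so with this layout nginx would load no server blocks; rename the directory or mount `./nginx/conf:/etc/nginx/conf.d`. The `certbot` service has no `command` or `entrypoint`, so it presumably exits at once and is restarted in a loop by `restart: unless-stopped` without issuing or renewing anything; a comment should give the intended issue and renew invocation. Mounting the configuration and `./certbot/conf` into nginx read-only (`:ro`) would stop a compromised web container from rewriting its own config or the private keys.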
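Review bot: `proxy_pass http://localhost:{LOCAL_NETWORK_PORT}/` resolves to the nginx container's own loopback, because this template's compose file does not use host networking, so a backend listening on the host is not reachable through it; the placeholder comment should name the address to use (a compose service name or the host gateway). The WebSocket headers also need `proxy_http_version 1.1;`, since nginx proxies with HTTP/1.0 by default and the upgrade is not honoured there. The 443 server relies on image defaults for TLS; stating `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000" always;` makes the policy explicit, and static.conf would benefit from the same two lines.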
@@ -0,0 +1,29 @@ +# Static delivery + +server { + listen 80; + server_name test.domain.com; + server_tokens off; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name test.domain.com; + server_tokens off; + + ssl_certificate /etc/letsencrypt/live/test.domain.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/test.domain.com/privkey.pem; + + location / { + root /var/www/static; + index index.html; + } +} diff --git a/templates/nginx-certbot/nginx/nginx.conf b/templates/nginx-certbot/nginx/nginx.conf new file mode 100644 index 0000000..df59946 --- /dev/null +++ b/templates/nginx-certbot/nginx/nginx.conf @@ -0,0 +1,24 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + keepalive_timeout 65; + include /etc/nginx/conf.d/*.conf; # Include all childs in ./conf.d +} diff --git a/user/create_user.sh b/user/create_user.sh index 7d747fa..7f6b039 100644 --- a/user/create_user.sh +++ b/user/create_user.sh @@ -15,5 +15,8 @@ function create_user() { sudo usermod -aG docker $username echo "[ USER ]: User added to the following groupps (sudo, www-data, docker)" + echo "[ USER ]: Setting ownership of /home/$username folder" + sudo chown -R $username:$username /home/$username + echo "[ USER ]: User setup finished" } diff --git a/web/install_caddy.sh b/web/install_caddy.sh new file mode 100644 index 0000000..b99954d --- /dev/null +++ b/web/install_caddy.sh 
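Review bot: In user/create_user.sh, `sudo chown -R $username:$username /home/$username` runs recursively as root with every expansion unquoted, so a value with whitespace or glob characters changes which paths are re-owned; write it as `sudo chown -R -- "$username:$username" "/home/$username"`. The function body starts outside the hunk, so whether `$username` is validated earlier cannot be seen from here. A one-line comment explaining why the recursive chown is needed (presumably because the installers create directories under the home before the account exists) would keep a later reader from removing it.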
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+function install_caddy() {
+
+ REPO_URL="https://raw.githubusercontent.com/elAgala/server-initializer/master"
+ TEMPLATE_PATH="/templates/caddy"
+ username="$1"
+ caddy_dir="/home/$username/caddy"
+
+ echo "[ WEB ]: Starting Caddy setup"
+ mkdir -p "$caddy_dir"
+ mkdir -p "$caddy_dir/settings"
+ wget "$REPO_URL/$TEMPLATE_PATH/docker-compose.yml" -O "$caddy_dir/docker-compose.yml"
+ wget "$REPO_URL/$TEMPLATE_PATH/Caddyfile" -O "$caddy_dir/settings/Caddyfile"
+ echo "[ WEB ]: Caddy setup succesfully. You can find the Caddyfile under /home/$username/caddy/settings"
+}
diff --git a/web/install_nginx.sh b/web/install_nginx.sh
deleted file mode 100644
index 4718de3..0000000
--- a/web/install_nginx.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-function install_nginx() {
- echo "[ WEB ]: Starting NginX setup"
- if ! dpkg -l | grep -q nginx; then
- sudo apt update
- sudo apt install -y nginx
- sudo systemctl start nginx
- sudo systemctl enable nginx
- echo "[ WEB ]: Installed NginX succesfully"
- else
- echo "[ WEB ]: NginX already installed, skipping..."
- fi
-}
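Review bot: `install_caddy` creates only `settings`, while the compose file it downloads also mounts `./static`, `./caddy_data` and `./caddy_config`; Docker will create the missing ones as root on first start, and `caddy_data` is where Caddy keeps the certificates and private keys it obtains. Create them here with the intended owner and mode, e.g. `mkdir -p "$caddy_dir"/{settings,static,caddy_data,caddy_config}` followed by `chmod 700 "$caddy_dir/caddy_data"`. Neither `wget` result is checked, and `-O` leaves an empty file behind on failure, so the final message can report success over an empty `Caddyfile`; add `|| return 1` to both calls. The function never starts the container, unlike install_prometheus; if that is deliberate because the Caddyfile ships with placeholder domains, the closing message should tell the operator to edit it and then start the service.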