PTS/Church-Music
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d367261867f555324c071d2d2a1ff220d91d93ae
Church-Music/new-site/setup-ssl.sh

133 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# SSL and Nginx Setup Script for houseofprayer.ddns.net
# This script configures Nginx with Let's Encrypt SSL certificates
set -e
DOMAIN="houseofprayer.ddns.net"
EMAIL="admin@houseofprayer.ddns.net" # Change this to your email
NGINX_CONF="/etc/nginx/sites-available/church-music"
NGINX_ENABLED="/etc/nginx/sites-enabled/church-music"
PROJECT_DIR="/media/pts/Website/Church_HOP_MusicData/new-site"
echo "🔐 Setting up SSL and Nginx for $DOMAIN"
echo "================================================"
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "❌ Please run as root (use sudo)"
exit 1
fi
# Step 1: Check if ports are available
echo ""
echo "📡 Checking if ports 80 and 443 are available..."
if lsof -Pi :80 -sTCP:LISTEN -t >/dev/null 2>&1; then
echo "⚠️ Port 80 is in use. Stopping nginx if running..."
systemctl stop nginx 2>/dev/null || true
fi
# Step 2: Create certbot directory
echo ""
echo "📁 Creating certbot directory..."
mkdir -p /var/www/certbot
# Step 3: Check if SSL certificate already exists
if [ -d "/etc/letsencrypt/live/$DOMAIN" ]; then
echo ""
echo "✅ SSL certificate already exists for $DOMAIN"
echo " To renew: sudo certbot renew"
else
echo ""
echo "🔒 Obtaining SSL certificate from Let's Encrypt..."
echo " Domain: $DOMAIN"
echo " Email: $EMAIL"
echo ""
# Obtain SSL certificate
certbot certonly --standalone \
--preferred-challenges http \
--agree-tos \
--email "$EMAIL" \
--non-interactive \
-d "$DOMAIN" || {
echo ""
echo "❌ Failed to obtain SSL certificate!"
echo " Please check:"
echo " 1. DNS record for $DOMAIN points to this server"
echo " 2. Port 80 is accessible from the internet"
echo " 3. No firewall blocking port 80"
exit 1
}
echo "✅ SSL certificate obtained successfully!"
fi
# Step 4: Copy Nginx configuration
echo ""
echo "📝 Installing Nginx configuration..."
cp "$PROJECT_DIR/nginx-ssl.conf" "$NGINX_CONF"
# Step 5: Create symbolic link if it doesn't exist
if [ ! -L "$NGINX_ENABLED" ]; then
ln -s "$NGINX_CONF" "$NGINX_ENABLED"
echo "✅ Nginx site enabled"
else
echo "✅ Nginx site already enabled"
fi
# Step 6: Test Nginx configuration
echo ""
echo "🔍 Testing Nginx configuration..."
nginx -t || {
echo "❌ Nginx configuration test failed!"
exit 1
}
# Step 7: Restart Nginx
echo ""
echo "🔄 Restarting Nginx..."
systemctl restart nginx
systemctl enable nginx
# Step 8: Set up automatic SSL renewal
echo ""
echo "⏰ Setting up automatic SSL renewal..."
if ! crontab -l 2>/dev/null | grep -q "certbot renew"; then
(crontab -l 2>/dev/null; echo "0 3 * * * certbot renew --quiet && systemctl reload nginx") | crontab -
echo "✅ Auto-renewal cron job added (runs daily at 3 AM)"
else
echo "✅ Auto-renewal already configured"
fi
# Step 9: Update backend CORS if needed
echo ""
echo "🔧 Checking backend CORS configuration..."
echo " Backend should allow: https://$DOMAIN"
# Step 10: Show status
echo ""
echo "================================================"
echo "✨ SSL and Nginx setup complete!"
echo "================================================"
echo ""
echo "🌐 Your site is now available at:"
echo " https://$DOMAIN"
echo ""
echo "📊 Services Status:"
systemctl status nginx --no-pager | grep -E "Active:|Loaded:"
echo ""
echo "🔒 SSL Certificate Info:"
certbot certificates | grep -A3 "$DOMAIN" || true
echo ""
echo "📝 Next Steps:"
echo " 1. Make sure your backend is running: cd $PROJECT_DIR/backend && node server.js"
echo " 2. Make sure your frontend is running: cd $PROJECT_DIR/frontend && npm run dev"
echo " 3. Test your site: https://$DOMAIN"
echo " 4. Check SSL rating: https://www.ssllabs.com/ssltest/analyze.html?d=$DOMAIN"
echo ""
echo "🔄 To renew SSL manually: sudo certbot renew"
echo "🔍 View Nginx logs: sudo tail -f /var/log/nginx/church-music-*.log"
echo ""
Reference in New Issue View Git Blame Copy Permalink