mirror of
https://github.com/deadcxap/init_scripts.git
synced 2026-07-02 05:43:40 +03:00
переезд в папку композа, logrotate
@@ -6,10 +6,10 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
||||||
- /etc/certwardenclient/certchain.pem:/etc/nginx/ssl/site/fullchain.pem:ro
|
- ./certs/certchain.pem:/etc/nginx/ssl/site/fullchain.pem:ro
|
||||||
- /etc/certwardenclient/key.pem:/etc/nginx/ssl/site/privkey.pem:ro
|
- ./certs/key.pem:/etc/nginx/ssl/site/privkey.pem:ro
|
||||||
- /dev/shm:/dev/shm:rw
|
- /dev/shm:/dev/shm:rw
|
||||||
- /var/www/html:/var/www/html:ro
|
- ./site:/var/www/html:ro
|
||||||
command: sh -c 'rm -f /dev/shm/nginx.sock && nginx -g "daemon off;"'
|
command: sh -c 'rm -f /dev/shm/nginx.sock && nginx -g "daemon off;"'
|
||||||
network_mode: host
|
network_mode: host
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -36,7 +36,7 @@ services:
|
|||||||
- path: /opt/remnawave/.env-node
|
- path: /opt/remnawave/.env-node
|
||||||
volumes:
|
volumes:
|
||||||
- /dev/shm:/dev/shm:rw
|
- /dev/shm:/dev/shm:rw
|
||||||
- /var/log/remnanode:/var/log/remnanode
|
- ./logs:/var/log/remnanode
|
||||||
ulimits:
|
ulimits:
|
||||||
nofile:
|
nofile:
|
||||||
soft: 1048576
|
soft: 1048576
|
||||||
@@ -58,7 +58,7 @@ services:
|
|||||||
env_file:
|
env_file:
|
||||||
- .env-node
|
- .env-node
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/certwardenclient:/opt/certwarden/certs
|
- ./certs:/opt/certwarden/certs
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
logging:
|
logging:
|
||||||
driver: 'json-file'
|
driver: 'json-file'
|
||||||
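Review bot: The TLS private key moves from `/etc/certwardenclient/key.pem` to `./certs/key.pem` beside the compose file, and nothing in this section or the rest of the commit sets ownership or mode on that directory. If the compose directory is a git checkout or is readable by other local accounts (not visible from here), the key, `./logs` and `.env-node` are more exposed than they were under `/etc`. I would add a comment above the nginx volumes such as `# ./certs is written by certwardenclient; keep it 0700 and out of version control`, and list `certs/`, `logs/`, `site/` and `.env-node` in `.gitignore`.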
|
|||||||
+50
-16
@@ -16,6 +16,17 @@ SELF_PATH="$(readlink -f "$0" 2>/dev/null || realpath "$0" 2>/dev/null || printf
|
|||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
|
COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
|
||||||
|
SITE_DIR="$SCRIPT_DIR/site"
|
||||||
|
SITE_BAC_DIR="$SCRIPT_DIR/site_bac"
|
||||||
|
CERT_DIR="$SITE_DIR/certs"
|
||||||
|
CERT_FILE="$CERT_DIR/certchain.pem"
|
||||||
|
KEY_FILE="$CERT_DIR/key.pem"
|
||||||
|
ENV_FILE="$SCRIPT_DIR/.env-node"
|
||||||
|
NGINX_TEMPLATE="$SCRIPT_DIR/nginx.conf.template"
|
||||||
|
NGINX_CONF="$SCRIPT_DIR/nginx.conf"
|
||||||
|
LOG_DIR="$SCRIPT_DIR/logs"
|
||||||
|
LOGROTATE_DIR="/etc/logrotate.d"
|
||||||
|
LOGROTATE_CONF="$LOGROTATE_DIR/remnanode"
|
||||||
|
|
||||||
# --- Шаг 1: загрузка случайного шаблона сайта ---
|
# --- Шаг 1: загрузка случайного шаблона сайта ---
|
||||||
TMP_DIR=$(mktemp -d)
|
TMP_DIR=$(mktemp -d)
|
||||||
@@ -23,15 +34,15 @@ trap 'rm -rf "$TMP_DIR"' EXIT
|
|||||||
git clone --depth 1 https://github.com/distillium/sni-templates "$TMP_DIR" >/dev/null 2>&1
|
git clone --depth 1 https://github.com/distillium/sni-templates "$TMP_DIR" >/dev/null 2>&1
|
||||||
TEMPLATE_DIR=$(find "$TMP_DIR" -mindepth 1 -maxdepth 1 -type d ! -name '.git' | shuf -n 1)
|
TEMPLATE_DIR=$(find "$TMP_DIR" -mindepth 1 -maxdepth 1 -type d ! -name '.git' | shuf -n 1)
|
||||||
|
|
||||||
if [ -d /var/www/html ] && [ "$(ls -A /var/www/html 2>/dev/null)" ]; then
|
if [ -d $SITE_DIR ] && [ "$(ls -A $SITE_DIR 2>/dev/null)" ]; then
|
||||||
rm -rf /var/www/html_bac
|
rm -rf $SITE_BAC_DIR
|
||||||
mv /var/www/html /var/www/html_bac
|
mv $SITE_DIR $SITE_BAC_DIR
|
||||||
else
|
else
|
||||||
rm -rf /var/www/html
|
rm -rf $SITE_DIR
|
||||||
fi
|
fi
|
||||||
mkdir -p /var/www/html
|
mkdir -p $SITE_DIR
|
||||||
cp -R "$TEMPLATE_DIR"/. /var/www/html/
|
cp -R "$TEMPLATE_DIR"/. $SITE_DIR
|
||||||
rm -rf /var/www/html/.git
|
rm -rf $SITE_DIR/.git
|
||||||
|
|
||||||
# --- Шаг 2: создание докер-сети ---
|
# --- Шаг 2: создание докер-сети ---
|
||||||
# N=$(awk '/^networks:/,/^[^[:space:]]/{if($1=="name:"){print $2; exit}}' "$COMPOSE_FILE"); N=${N:-proxy}
|
# N=$(awk '/^networks:/,/^[^[:space:]]/{if($1=="name:"){print $2; exit}}' "$COMPOSE_FILE"); N=${N:-proxy}
|
||||||
@@ -45,7 +56,6 @@ read -rp "CW_CLIENT_AES_KEY_BASE64: " CW_CLIENT_AES_KEY_BASE64
|
|||||||
read -rp "CW_CLIENT_KEY_APIKEY: " CW_CLIENT_KEY_APIKEY
|
read -rp "CW_CLIENT_KEY_APIKEY: " CW_CLIENT_KEY_APIKEY
|
||||||
read -rp "CW_CLIENT_CERT_APIKEY: " CW_CLIENT_CERT_APIKEY
|
read -rp "CW_CLIENT_CERT_APIKEY: " CW_CLIENT_CERT_APIKEY
|
||||||
|
|
||||||
ENV_FILE="$SCRIPT_DIR/.env-node"
|
|
||||||
touch "$ENV_FILE"
|
touch "$ENV_FILE"
|
||||||
|
|
||||||
update_env_var() {
|
update_env_var() {
|
||||||
@@ -63,8 +73,6 @@ update_env_var CW_CLIENT_AES_KEY_BASE64 "$CW_CLIENT_AES_KEY_BASE64"
|
|||||||
update_env_var CW_CLIENT_KEY_APIKEY "$CW_CLIENT_KEY_APIKEY"
|
update_env_var CW_CLIENT_KEY_APIKEY "$CW_CLIENT_KEY_APIKEY"
|
||||||
update_env_var CW_CLIENT_CERT_APIKEY "$CW_CLIENT_CERT_APIKEY"
|
update_env_var CW_CLIENT_CERT_APIKEY "$CW_CLIENT_CERT_APIKEY"
|
||||||
|
|
||||||
NGINX_TEMPLATE="$SCRIPT_DIR/nginx.conf.template"
|
|
||||||
NGINX_CONF="$SCRIPT_DIR/nginx.conf"
|
|
||||||
sed \
|
sed \
|
||||||
-e "s|__NODE_DOMAIN__|$NODE_DOMAIN|g" \
|
-e "s|__NODE_DOMAIN__|$NODE_DOMAIN|g" \
|
||||||
"$NGINX_TEMPLATE" > "$NGINX_CONF"
|
"$NGINX_TEMPLATE" > "$NGINX_CONF"
|
||||||
@@ -73,18 +81,12 @@ sed \
|
|||||||
read -rp "IP или домен центрального сервера: " CENTRAL_HOST
|
read -rp "IP или домен центрального сервера: " CENTRAL_HOST
|
||||||
CENTRAL_IP=$(getent ahosts "$CENTRAL_HOST" | awk '{print $1; exit}')
|
CENTRAL_IP=$(getent ahosts "$CENTRAL_HOST" | awk '{print $1; exit}')
|
||||||
if [ -n "$CENTRAL_IP" ]; then
|
if [ -n "$CENTRAL_IP" ]; then
|
||||||
# iptables -C INPUT -p tcp -s "$CENTRAL_IP" --dport "$NODE_PORT" -j ACCEPT 2>/dev/null \
|
|
||||||
# || iptables -I INPUT -p tcp -s "$CENTRAL_IP" --dport "$NODE_PORT" -j ACCEPT
|
|
||||||
ufw allow from "$CENTRAL_IP" to any port "$NODE_PORT" proto tcp comment "PANEL" && ufw reload
|
ufw allow from "$CENTRAL_IP" to any port "$NODE_PORT" proto tcp comment "PANEL" && ufw reload
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# --- Шаг 5: запуск docker compose ---
|
# --- Шаг 5: запуск docker compose ---
|
||||||
docker compose -f "$COMPOSE_FILE" up -d certwardenclient
|
docker compose -f "$COMPOSE_FILE" up -d certwardenclient
|
||||||
|
|
||||||
CERT_DIR="/etc/certwardenclient"
|
|
||||||
CERT_FILE="$CERT_DIR/certchain.pem"
|
|
||||||
KEY_FILE="$CERT_DIR/key.pem"
|
|
||||||
|
|
||||||
echo "Ждём появления сертификатов..."
|
echo "Ждём появления сертификатов..."
|
||||||
|
|
||||||
for i in {1..120}; do
|
for i in {1..120}; do
|
||||||
@@ -107,5 +109,37 @@ fi
|
|||||||
|
|
||||||
docker compose -f "$COMPOSE_FILE" up -d
|
docker compose -f "$COMPOSE_FILE" up -d
|
||||||
|
|
||||||
|
# логи
|
||||||
|
mkdir -p "$LOG_DIR"
|
||||||
|
sudo mkdir -p $LOGROTATE_DIR
|
||||||
|
|
||||||
|
TMP_LOGROTATE_CONF="$(mktemp)"
|
||||||
|
cat > "$TMP_LOGROTATE_CONF" <<EOF
|
||||||
|
"$LOG_DIR"/*.log {
|
||||||
|
daily
|
||||||
|
size 50M
|
||||||
|
rotate 10
|
||||||
|
compress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
copytruncate
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [[ -f "$LOGROTATE_CONF" ]]; then
|
||||||
|
if cmp -s "$TMP_LOGROTATE_CONF" "$LOGROTATE_CONF"; then
|
||||||
|
echo "logrotate config already up to date: $LOGROTATE_CONF"
|
||||||
|
else
|
||||||
|
echo "updating logrotate config: $LOGROTATE_CONF"
|
||||||
|
sudo tee "$LOGROTATE_CONF" >/dev/null < "$TMP_LOGROTATE_CONF"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "creating logrotate config: $LOGROTATE_CONF"
|
||||||
|
sudo tee "$LOGROTATE_CONF" >/dev/null < "$TMP_LOGROTATE_CONF"
|
||||||
|
fi
|
||||||
|
trap 'rm -rf "$TMP_LOGROTATE_CONF"' EXIT
|
||||||
|
|
||||||
|
sudo logrotate -vf /etc/logrotate.d/remnanode
|
||||||
|
|
||||||
echo "Инициализация завершена успешно"
|
echo "Инициализация завершена успешно"
|
||||||
rm -f -- "$SELF_PATH"
|
rm -f -- "$SELF_PATH"
|
||||||
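Review bot: `CERT_DIR="$SITE_DIR/certs"` in the new variable block resolves to `site/certs` under the script directory, while the compose file in this commit mounts `./certs` for both nginx and certwardenclient, so `CERT_FILE` and `KEY_FILE` point at a directory the client never writes to. The wait loop after `up -d certwardenclient` presumably polls those two paths and would then time out; its body is outside the visible hunks. `site/` is also the wrong parent for a key, since it is bind-mounted as the nginx web root and step 1 runs `rm -rf`/`mv` on it. The line should read `CERT_DIR="$SCRIPT_DIR/certs"`, and the directory is best created with a restrictive mode before the client starts.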
@@ -312,7 +312,7 @@ dcur() {
|
|||||||
docker compose pull && docker compose down && docker compose up -d && docker compose logs -f -t
|
docker compose pull && docker compose down && docker compose up -d && docker compose logs -f -t
|
||||||
}
|
}
|
||||||
alias ..='cd ..'
|
alias ..='cd ..'
|
||||||
alias ll='eza -lahgF --icons --group-directories-first'
|
alias lll='eza -lahgF --icons --group-directories-first'
|
||||||
alias bat='batcat'
|
alias bat='batcat'
|
||||||
EOF
|
EOF
|
||||||
# /etc/profile подхватывает readable *.sh из /etc/profile.d для всех пользователей
|
# /etc/profile подхватывает readable *.sh из /etc/profile.d для всех пользователей
|
||||||
|
|||||||