diff --git a/README.md b/README.md
index 2e51479..ce51f2a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Deployment DCDN
-Deployment [**D**ebian](https://www.debian.org/) (os) + [**C**addy](https://caddyserver.com/) (webserver) + [**D**irectus](https://directus.io/) (cms) + [**N**uxt](https://nuxt.com/) (front).
+Deployment [**D**ebian](https://www.debian.org/) (os) + [**C**addy](https://caddyserver.com/) (webserver) + [**D**irectus](https://directus.io/) (cms) + [**N**uxt](https://nuxt.com/) (static front).
 ## Installation
@@ -26,6 +26,47 @@ On a fresh install as root user `bash install.sh`
+## Installation steps
+
+1. Install php for the webhook
+2. Create a user
+3. Setup ssh, firewall and fail2ban
+4. Install Caddy webserver
+5. Install MariaDB
+6. Setup the Directus Database
+7. Install Node
+8. Prompt for the url
+9. Install and run Directus
+10. Install and run the front-end
+11. Setup a webhook
+
+## Post-install
+
+1. Configure DNS Zone
+```
+Domain : | Type : A | Target :
+Domain : cms. | Type : A | Target :
+Domain : www. | Type : A | Target :
+```
+
+
+2. Set Directus roles
+```
+Website role Read content collections and directus_files
+User role All permissions on content collections, directus_files and directus_folders
+```
+
+
+3. Create a webhook
+`/settings/hooks/gitea/new`
+```
+Target URL https:///webhook.php
+Branch filter prod
+Authorization Header generate a safe string using : openssl rand -base64 32
+```
+
 ## Ref
-[Debian Web Server](https://figureslibres.io/gogs/bachir/debian-web-server)
\ No newline at end of file
+[Debian Web Server](https://figureslibres.io/gogs/bachir/debian-web-server)
+
+[Securing a dedicated server](https://help.ovhcloud.com/csm/en-gb-dedicated-servers-securing-server?id=kb_article_view&sysparm_article=KB0043969)
\ No newline at end of file
diff --git a/assets/webhook.sh b/assets/webhook.sh
index c72a697..bedd2f0 100644
--- a/assets/webhook.sh
+++ b/assets/webhook.sh
@@ -1,11 +1,17 @@
 #!/bin/bash
 repo_name=$1
 cms_dir=$(ls -d /var/www/repositories/cms*/)
+
 tmux send-keys -t directus C-c
 tmux send-keys -t front C-c
-cd /var/www/repositories/$repo_name &&\
-git pull origin prod &&\
-NUXT_TELEMETRY_DISABLED=1 ; npm install -y &&\
-npm run build &&\
+
+cd /var/www/repositories/$repo_name
+git pull origin prod
+
+jq '.scripts |= with_entries(.value |= gsub("\\bnuxt \\b"; "./node_modules/nuxt/bin/nuxt.mjs "))' package.json > temp.json && mv temp.json package.json
+
+NUXT_TELEMETRY_DISABLED=1 ; npm install -y
+npm run build
+
 tmux send-keys -t front "cd /var/www/repositories/${repo_name} && node .output/server/index.mjs" C-m
 tmux send-keys -t directus "cd ${cms_dir} && npx directus start" C-m
\ No newline at end of file
diff --git a/install.sh b/install.sh
index 0db4f9c..942f791 100644
--- a/install.sh
+++ b/install.sh
@@ -322,11 +322,12 @@ if [[ "$answer" == "y" ]]; then
 su -s /bin/bash -c "cd ${cms_directory} &&\
 npx directus schema apply --yes /home/${username}/snapshot.yaml" www-data
- echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
- echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
- echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
- echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections and directus_files${RESET}"
 fi
+
+ echo -e "${PURPLE}${BOLD}You can now add some content${RESET}"
+ echo -e "${ORANGE}${BOLD}Do not forget to set the permissions${RESET}"
+ echo -e "${ORANGE}${BOLD}Website role ${RESET}${ORANGE}Read content collections and directus_files${RESET}"
+ echo -e "${ORANGE}${BOLD}User role ${RESET}${ORANGE}All permissions on content collections, directus_files and directus_folders${RESET}"
 echo -e "${PURPLE}${BOLD}Access Directus ${RESET}${PURPLE}https://cms.${domain_name}${RESET}"
 fi
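Review bot: In assets/webhook.sh the `cd /var/www/repositories/$repo_name` line is no longer chained to what follows, so when it fails (an empty or unexpected `$1`) `git pull`, the `jq … > temp.json && mv temp.json package.json` rewrite and `npm install` run in whatever directory the script was started from. `$repo_name` is unquoted there and is also pasted into the command string sent to the `front` tmux pane, so if it is derived from the webhook request (webhook.php is not part of this diff) it should be limited to a plain, existing directory name before the services are stopped. The jq rewrite also leaves `package.json` modified in the work tree, which will likely make a later `git pull origin prod` refuse to update whenever upstream changes that file; restoring it before the pull avoids that. Note that `NUXT_TELEMETRY_DISABLED=1 ;` only sets a shell variable, so npm probably never sees it without `export` or dropping the `;`.

```shell
repo_name=${1:-}
repo_dir="/var/www/repositories/${repo_name}"
# Accept only a plain, existing directory name: no slashes, no leading dot,
# no shell metacharacters (the name is later typed into a tmux pane).
if [[ ! "$repo_name" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ || ! -d "$repo_dir" ]]; then
  echo "webhook.sh: invalid repository name" >&2
  exit 1
fi
# … unchanged: cms_dir lookup, tmux C-c for directus and front …
cd -- "$repo_dir" || exit 1
git checkout -- package.json  # drop the previous run's jq rewrite so the pull is clean
git pull origin prod
# … unchanged: jq rewrite, npm install, npm run build, tmux restarts …
```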
@@ -393,6 +394,8 @@ if [[ "$answer" == "y" ]]; then
 echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
 read -s auth_header
+ apt install -y jq
+
 rm /var/www/html/index.html
 cp ./assets/webhook.php /var/www/html/
 mkdir /var/www/webhook
diff --git a/utils/export-content.sh b/utils/export-content.sh
index cc1f786..6f9c055 100644
--- a/utils/export-content.sh
+++ b/utils/export-content.sh
@@ -1 +1,31 @@
-#!/bin/bash
\ No newline at end of file
+#!/bin/bash
+
+
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit
+fi
+
+PURPLE='\033[35m'
+ORANGE='\033[33m'
+BLUE='\033[34m'
+BOLD='\033[1m'
+RESET='\033[0m'
+
+echo -e "${PURPLE}${BOLD}Export Directus Database and files ? (y/N) ${RESET}"
+read answer
+if [[ "$answer" == "y" ]]; then
+ site_name=$(ls /var/www/repositories/ | grep -v '^cms')
+ db_password=$(cat /var/www/repositories/cms*/.env | grep DB_PASSWORD | sed "s/[^']*'\([^']*\)'.*/\1/")
+ current_date=$(date +'%d-%m-%y_%H-%M')
+ export_folder="/root/content_exports/${site_name}_export_${date}"
+ mkdir -p "${export_folder}"
+ mysqldump -u directus -p"${db_password}" directus > "${export_folder}/db_${site_name}_${date}"
+ cp -r /var/www/repositories/cms*/uploads "${export_folder}"
+ tar -czf "/root/content_exports/${export_folder}.tar.gz" -C /root/content_exports/ .
+
+ ssh_port=$(cat /etc/ssh/sshd_config | grep "Port " | sed 's/^Port //')
+ ip=$(hostname -I)
+ echo -e "${PURPLE}${BOLD}You can now download the backup${RESET}"
+ echo -e "${BLUE}scp -P ${ssh_port} root@${ip}:/root/content_exports/${export_folder}.tar.gz ./path/to/local/folder${RESET}"
+fi
\ No newline at end of file
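Review bot: In install.sh the added `apt install -y jq` has no failure check, although assets/webhook.sh now calls jq on every deploy; if the install fails here, the rest of the webhook setup still proceeds (no `set -e` is visible in this hunk). `apt-get` is the interface meant for scripts, so `apt-get install -y jq || { echo "jq install failed" >&2; exit 1; }` would be safer. The enclosing `if` block starts and ends outside the hunk.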
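Review bot: In utils/export-content.sh the paths are built from `${date}`, which is never assigned (the timestamp is stored in `current_date`), so every export lands in the same `…_export_` directory. Because `export_folder` is already absolute, `"/root/content_exports/${export_folder}.tar.gz"` in both the `tar` line and the printed `scp` hint points at a nested path that was never created, so the archive step fails. `tar … -C /root/content_exports/ .` would also pack every earlier export rather than just this one. `mysqldump -p"${db_password}"` puts the database password on the command line, where other local users can read it from the process list while the dump runs; a root-only option file avoids that. `exit` after "Please run as root" returns status 0, so `exit 1` would signal the failure.

```shell
    current_date=$(date +'%d-%m-%y_%H-%M')
    export_name="${site_name}_export_${current_date}"
    export_folder="/root/content_exports/${export_name}"
    mkdir -p "${export_folder}"
    # Hand the password to mysqldump through a mktemp file (mode 600), not argv.
    db_cnf=$(mktemp)
    printf '[client]\npassword="%s"\n' "${db_password}" > "${db_cnf}"
    mysqldump --defaults-extra-file="${db_cnf}" -u directus directus > "${export_folder}/db_${site_name}_${current_date}"
    rm -f -- "${db_cnf}"
    # … unchanged: cp -r of the cms uploads directory …
    tar -czf "${export_folder}.tar.gz" -C /root/content_exports "${export_name}"
    # … unchanged: ssh_port and ip lookup, "You can now download the backup" message …
    echo -e "${BLUE}scp -P ${ssh_port} root@${ip}:${export_folder}.tar.gz ./path/to/local/folder${RESET}"
```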