mish/evo-sync
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 5 Wiki Activity
Files
48da26c2702be9b86ee66ce92264593eb4906b35
evo-sync/scripts/init-letsencrypt.sh
mguschin bacfd8fe54 feat: add nginx reverse proxy and Let's Encrypt TLS setup 
- Add nginx config for SSL termination and HTTP->HTTPS redirect
- Add init-letsencrypt.sh script for automated certificate provisioning
- Update docker-compose.yml: add nginx service, expose web on internal port only
- Fix Evotor OAuth token exchange: move client credentials to form body
- Add request logging for token exchange errors
- Update BASE_URL to https://evosync.ru and set default in docker-compose
- Add refresh_token field to EvotorConnection model

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-06 16:57:46 +03:00

58 lines
1.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Obtain TLS certificates from Let's Encrypt for evosync.ru
# Run once on first deploy: sudo ./scripts/init-letsencrypt.sh
set -euo pipefail
DOMAIN="evosync.ru"
EMAIL="${LETSENCRYPT_EMAIL:-admin@evosync.ru}"
COMPOSE="docker compose"
CERTBOT_DIR="./certbot"
echo "==> Creating certbot directories..."
mkdir -p "$CERTBOT_DIR/conf" "$CERTBOT_DIR/www"
echo "==> Starting nginx (HTTP only, for ACME challenge)..."
# Temporarily use a basic config that doesn't require certs
cat > nginx/nginx-temp.conf <<'TMPCONF'
server {
listen 80;
server_name evosync.ru www.evosync.ru;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 200 'Setting up TLS...';
add_header Content-Type text/plain;
}
}
TMPCONF
$COMPOSE up -d nginx
echo "==> Requesting certificate from Let's Encrypt..."
docker run --rm \
-v "$(pwd)/$CERTBOT_DIR/conf:/etc/letsencrypt" \
-v "$(pwd)/$CERTBOT_DIR/www:/var/www/certbot" \
--network "${COMPOSE_PROJECT_NAME:-evo-syncgit}_default" \
certbot/certbot certonly \
--webroot \
--webroot-path=/var/www/certbot \
--email "$EMAIL" \
--agree-tos \
--no-eff-email \
-d "$DOMAIN" \
-d "www.$DOMAIN"
echo "==> Restoring production nginx config..."
rm -f nginx/nginx-temp.conf
echo "==> Restarting nginx with TLS..."
$COMPOSE restart nginx
echo "==> Done! TLS certificate installed for $DOMAIN"
echo " Set up auto-renewal with: sudo crontab -e"
echo " Add: 0 3 * * * cd $(pwd) && docker run --rm -v $(pwd)/$CERTBOT_DIR/conf:/etc/letsencrypt -v $(pwd)/$CERTBOT_DIR/www:/var/www/certbot certbot/certbot renew --quiet && docker compose restart nginx"
Reference in New Issue View Git Blame Copy Permalink