142 lines
3.3 KiB
Bash
142 lines
3.3 KiB
Bash
#!/bin/bash
|
|
# One-time setup for the dedicated status page VPS (Debian 13)
|
|
# Installs: git, bun, caddy, clones the repo, sets up systemd service
|
|
# Usage: ./setup-status.sh
|
|
|
|
set -e
|
|
|
|
SSH="ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_ed25519"
|
|
STATUS_HOST="root@46.225.155.167"
|
|
|
|
echo "[setup] Setting up status page VPS..."
|
|
|
|
$SSH $STATUS_HOST bash << 'REMOTE'
|
|
set -e
|
|
|
|
# System packages
|
|
apt-get update
|
|
apt-get install -y git curl unzip
|
|
|
|
# Install bun
|
|
if [ ! -f /root/.bun/bin/bun ]; then
|
|
curl -fsSL https://bun.sh/install | bash
|
|
fi
|
|
export PATH="/root/.bun/bin:$PATH"
|
|
|
|
# Install caddy
|
|
if ! command -v caddy &>/dev/null; then
|
|
apt-get install -y debian-keyring debian-archive-keyring apt-transport-https
|
|
curl -1sLf 'https://dl.cloudflare.com/cloudflare-main.gpg' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg 2>/dev/null || true
|
|
curl -1sLf 'https://caddyserver.com/api/download' -o /usr/bin/caddy
|
|
chmod +x /usr/bin/caddy
|
|
# Caddy systemd service
|
|
caddy environ 2>/dev/null || true
|
|
cat > /etc/systemd/system/caddy.service << 'EOF'
|
|
[Unit]
|
|
Description=Caddy
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
|
|
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
fi
|
|
|
|
# Clone repo
|
|
if [ ! -d /opt/pingql ]; then
|
|
git clone https://git-crush-pinto-befog.forehead-gate.com/ico/pingql.git /opt/pingql
|
|
else
|
|
cd /opt/pingql
|
|
git fetch origin && git reset --hard origin/main
|
|
fi
|
|
|
|
# Install status app deps
|
|
cd /opt/pingql/apps/status
|
|
/root/.bun/bin/bun install
|
|
|
|
# Caddyfile - reverse proxy to status app, auto HTTPS for any domain
|
|
mkdir -p /etc/caddy
|
|
cat > /etc/caddy/Caddyfile << 'EOF'
|
|
{
|
|
on_demand_tls {
|
|
ask http://localhost:3003/internal/verify-domain
|
|
}
|
|
servers {
|
|
protocols h1 h2 h3
|
|
}
|
|
}
|
|
|
|
(common) {
|
|
encode zstd gzip
|
|
|
|
header {
|
|
-Server
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
|
|
handle /_static/* {
|
|
root * /opt/pingql/apps/status/src/static
|
|
uri strip_prefix /_static
|
|
file_server
|
|
header Cache-Control "public, max-age=31536000, immutable"
|
|
}
|
|
|
|
handle {
|
|
reverse_proxy localhost:3003
|
|
header Cache-Control "public, max-age=15, s-maxage=15"
|
|
}
|
|
}
|
|
|
|
status.pingql.com {
|
|
import common
|
|
}
|
|
|
|
https:// {
|
|
tls {
|
|
on_demand
|
|
}
|
|
import common
|
|
}
|
|
EOF
|
|
|
|
# Systemd service for the status app
|
|
cat > /etc/systemd/system/pingql-status.service << 'EOF'
|
|
[Unit]
|
|
Description=PingQL Status
|
|
After=network.target
|
|
|
|
[Service]
|
|
WorkingDirectory=/opt/pingql/apps/status
|
|
ExecStart=/root/.bun/bin/bun run src/index.ts
|
|
Restart=on-failure
|
|
RestartSec=3
|
|
EnvironmentFile=/opt/pingql/apps/status/.env
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
# Enable and start services
|
|
systemctl daemon-reload
|
|
systemctl enable caddy pingql-status
|
|
systemctl restart caddy
|
|
systemctl restart pingql-status
|
|
|
|
echo "Setup complete. Services running."
|
|
echo " - Caddy: $(systemctl is-active caddy)"
|
|
echo " - Status: $(systemctl is-active pingql-status)"
|
|
REMOTE
|
|
|
|
echo "[setup] Done. Don't forget to:"
|
|
echo " 1. Create .env at /opt/pingql/apps/status/.env with DATABASE_URL and SECRET"
|
|
echo " 2. Point status.pingql.com DNS to 46.225.155.167"
|
|
echo " 3. Update deploy.sh STATUS_HOST"
|