database setup for outsidethebox.top webhosting infrastructure project
https://data.outsidethebox.top
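#!/usr/bin/env bash
# db-admin installer: installs OS packages, creates the MariaDB database and
# application account, sets up a Python venv, renders the app config and
# installs the systemd units. Must run as root from the checkout root (it
# copies app/, bin/, template.sql and the unit files from the current dir).
set -euo pipefail

# Print an error to stderr and abort the install.
die () {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

[[ $EUID -eq 0 ]] || die "Run as root"

echo "=== db-admin installer v2.5.1 (one-click deps) ==="

# Free space on / in KiB. The install goes under /opt, which is assumed to be
# on the root filesystem — TODO confirm for split layouts.
FREE_KB=$(df --output=avail / | tail -n 1)
FREE_KB=${FREE_KB//[[:space:]]/}   # df right-aligns the column
[[ "$FREE_KB" =~ ^[0-9]+$ ]] || die "Could not determine free disk space on /"
(( FREE_KB >= 1000000 )) || die "Not enough disk space (need about 1 GiB free on /)"

echo "[+] Installing OS dependencies"
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y \
  python3-venv python3-pip jq \
  mariadb-server mariadb-client \
  ca-certificates openssl curl

# Ensure DB service is up (non-fatal if inside minimal container without systemd)
systemctl enable --now mariadb >/dev/null 2>&1 || true

command -v mysql >/dev/null || die "mysql client not found after install"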
# --- Interactive settings ---
# Defaults are sensible for Proxmox/LXC deployments behind a webfront (mintme):
# - DB on localhost
# - gunicorn bound to the LAN (0.0.0.0:8080)
# - no nginx/apache in the container
#
# You only need to enter: DB password, web auth user/pass, and FQDN.
# Fixed deployment settings: the local MariaDB database and the account the
# application uses to reach it.
DB_NAME=db_admin
DB_HOST=127.0.0.1
DB_USER=db-user
# Prompt helpers
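# Prompt until a non-empty answer is given and print it on stdout.
#   $1 - prompt text
#   $2 - default value; when non-empty it is offered and used for an empty answer
# Leading/trailing whitespace is stripped; the value is otherwise taken as
# typed (quotes and backslashes are preserved). Returns 1 when stdin is
# exhausted without a usable value instead of looping forever.
ask_required () {
  local prompt="$1"
  local def="${2:-}"
  local var eof
  while true; do
    eof=0
    if [[ -n "$def" ]]; then
      read -rp "$prompt [$def]: " var || eof=1
      var="${var:-$def}"
    else
      read -rp "$prompt: " var || eof=1
    fi
    # Trim with parameter expansion rather than xargs: xargs interprets
    # quotes and backslashes, so a value such as it's would be rejected.
    var="${var#"${var%%[![:space:]]*}"}"
    var="${var%"${var##*[![:space:]]}"}"
    if [[ -n "$var" ]]; then
      printf '%s\n' "$var"
      return 0
    fi
    if (( eof )); then
      echo " -> Required, but no input available (EOF)." >&2
      return 1
    fi
    echo " -> Required. Please enter a value." >&2
  done
}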
# Prompt once with a default and print the answer on stdout; an empty answer
# (or exhausted stdin) yields the default.
#   $1 - prompt text
#   $2 - default value
ask_optional () {
  local question="$1" fallback="$2" answer
  read -rp "$question [$fallback]: " answer || true
  [[ -n "$answer" ]] || answer="$fallback"
  echo "$answer"
}
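# Prompt for a secret without echoing it to the terminal (so it does not end
# up in scrollback or session recordings) and print it on stdout.
#   $1 - prompt text
# The value is taken exactly as typed — no whitespace trimming — so it matches
# what the user will later type into the web/DB login. Returns 1 on EOF.
ask_secret () {
  local prompt="$1"
  local var
  while true; do
    if ! read -rsp "$prompt: " var; then
      echo >&2
      echo " -> Required, but no input available (EOF)." >&2
      return 1
    fi
    echo >&2   # -s suppresses the newline the user typed
    if [[ -n "$var" ]]; then
      printf '%s\n' "$var"
      return 0
    fi
    echo " -> Required. Please enter a value." >&2
  done
}

DB_PASS="$(ask_secret "Database password (will be created for user $DB_USER)")"
AUTH_USER="$(ask_required "Web auth username" "db-user")"
AUTH_PASS="$(ask_secret "Web auth password")"
FQDN="$(ask_required "FQDN (e.g. data.outsidethebox.top)" "")"

# FQDN is later used to build file names under /etc/nginx and /etc/apache2 and
# as a server name; accept hostname characters only so it cannot carry a path
# separator or other special characters into those files.
if [[ -z "$FQDN" || "$FQDN" == *[!A-Za-z0-9.-]* ]]; then
  echo "ERROR: '$FQDN' is not a valid FQDN (letters, digits, '.' and '-' only)" >&2
  exit 1
fi

WEBSRV="none"
BIND_ADDR="0.0.0.0:8080"
INSTALL_DIR="/opt/outsidethedb"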
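# Show the chosen settings once before touching the system. The two passwords
# are deliberately not printed.
echo
echo "--- Summary ---"
echo " DB name: $DB_NAME"
echo " DB host: $DB_HOST"
echo " DB user: $DB_USER"
echo " FQDN: $FQDN"
echo " Webserver: $WEBSRV"
echo " Bind: $BIND_ADDR"
echo " Install dir: $INSTALL_DIR"
echo "--------------"
echo "Proceeding..."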
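echo "[+] Installing application files"
# Everything is copied from the current directory, so the script has to be run
# from the checkout root; fail early with a clear message instead of letting
# the first cp abort under set -e.
for src in app VERSION requirements.txt bin/backup_now.sh; do
  [[ -e "$src" ]] || { echo "ERROR: '$src' not found; run this script from the repository root" >&2; exit 1; }
done

mkdir -p "$INSTALL_DIR"
cp -r app "$INSTALL_DIR/"
cp VERSION requirements.txt "$INSTALL_DIR/"
mkdir -p "$INSTALL_DIR/bin" "$INSTALL_DIR/log"
cp bin/backup_now.sh "$INSTALL_DIR/bin/"
# NOTE(review): this hands the whole code tree to the service account, so a
# compromised app could rewrite its own code. Root-owned code with only log/
# (and the config) writable by www-data would be tighter — confirm the app
# does not write elsewhere before narrowing this.
chown -R www-data:www-data "$INSTALL_DIR"

echo "[+] Setting up Python venv"
# Created after the chown above, so the venv stays root-owned and the service
# account cannot modify the interpreter or the installed packages.
python3 -m venv "$INSTALL_DIR/venv"
"$INSTALL_DIR/venv/bin/pip" install --upgrade pip
# NOTE(review): packages are resolved from PyPI at install time; pin versions
# in requirements.txt (ideally with --require-hashes) for reproducible installs.
"$INSTALL_DIR/venv/bin/pip" install -r "$INSTALL_DIR/requirements.txt"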
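echo "[+] Writing app config"
CONFIG="$INSTALL_DIR/app/config.json"
[[ -f "$CONFIG" ]] || { echo "ERROR: $CONFIG not found (expected to be shipped in app/)" >&2; exit 1; }
# Render into a mktemp file (created 0600) in the same directory and mv it
# into place: the DB and web-auth secrets are never world-readable, not even
# briefly, and a failed jq run cannot leave a half-written config.json behind.
CONFIG_TMP="$(mktemp "$CONFIG.XXXXXX")"
if ! jq --arg host "$DB_HOST" --arg name "$DB_NAME" --arg user "$DB_USER" --arg pass "$DB_PASS" \
        --arg fqdn "$FQDN" --arg authu "$AUTH_USER" --arg authp "$AUTH_PASS" \
        '.db.host=$host | .db.name=$name | .db.user=$user | .db.password=$pass | .site.fqdn=$fqdn | .site.auth_user=$authu | .site.auth_pass=$authp' \
        "$CONFIG" > "$CONFIG_TMP"; then
  rm -f -- "$CONFIG_TMP"
  echo "ERROR: failed to render $CONFIG" >&2
  exit 1
fi
# Readable by the service account only; the file holds both sets of secrets.
chown www-data:www-data "$CONFIG_TMP"
chmod 600 "$CONFIG_TMP"
mv -f -- "$CONFIG_TMP" "$CONFIG"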
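echo "[*] DB schema ..."
SQL_ADMIN="root"
SQL_ADMIN_PASS=""
# Host part of the application account. '%' (the previous hard-coded value)
# lets the account connect from any host; set DB_GRANT_HOST=127.0.0.1 or
# localhost when the database is only ever reached locally.
DB_GRANT_HOST="${DB_GRANT_HOST:-%}"

# Escape a value for use inside a single-quoted MySQL string literal:
# backslash and the quote itself are the characters MySQL treats specially.
sql_escape () {
  local s=$1
  s=${s//"\\"/"\\\\"}
  s=${s//"'"/"''"}
  printf '%s' "$s"
}

TMP=$(mktemp)
# Admin credentials go through a 0600 option file instead of -p on the command
# line, so the password is never visible in `ps`.
MYSQL_CNF=$(mktemp)
trap 'rm -f -- "$TMP" "$MYSQL_CNF"' EXIT
{
  echo "[client]"
  echo "user=$SQL_ADMIN"
  # NOTE: mysql option-file syntax — a password containing '#' or surrounding
  # whitespace would need quoting here.
  if [[ -n "$SQL_ADMIN_PASS" ]]; then
    echo "password=$SQL_ADMIN_PASS"
  fi
} > "$MYSQL_CNF"

sed "s/DATABASE_NAME/$DB_NAME/g" template.sql > "$TMP"

# The password is interpolated into SQL; escape it so a quote or backslash in
# it neither breaks the statement nor changes its meaning.
DB_PASS_SQL="$(sql_escape "$DB_PASS")"
mysql --defaults-extra-file="$MYSQL_CNF" -e "CREATE DATABASE IF NOT EXISTS \`$DB_NAME\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
# The app account only gets rights on its own database. CREATE USER IF NOT
# EXISTS leaves an existing account (and its password) untouched, so a new
# password on re-install is not applied — TODO decide whether to ALTER USER.
mysql --defaults-extra-file="$MYSQL_CNF" -e "CREATE USER IF NOT EXISTS '$DB_USER'@'$DB_GRANT_HOST' IDENTIFIED BY '$DB_PASS_SQL'; GRANT ALL ON \`$DB_NAME\`.* TO '$DB_USER'@'$DB_GRANT_HOST'; FLUSH PRIVILEGES;"
mysql --defaults-extra-file="$MYSQL_CNF" "$DB_NAME" < "$TMP"
rm -f -- "$TMP" "$MYSQL_CNF"
trap - EXIT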
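echo "[+] Installing systemd units"
# install(1) rather than cp: unit files must be root-owned and not writable by
# others, whatever permissions the checkout happens to have.
for unit in db-admin.service db-admin-sslcheck.service db-admin-sslcheck.timer; do
  [[ -f "$unit" ]] || { echo "ERROR: $unit not found in the current directory" >&2; exit 1; }
  install -m 0644 -o root -g root "$unit" "/etc/systemd/system/$unit"
done

# Apply bind address to the unit: the shipped file is expected to contain
# "-b 127.0.0.1:8080". Verify the substitution actually happened instead of
# silently starting the service on the wrong address.
UNIT=/etc/systemd/system/db-admin.service
sed -i "s|-b 127\\.0\\.0\\.1:8080|-b ${BIND_ADDR}|" "$UNIT"
grep -qF -- "-b ${BIND_ADDR}" "$UNIT" \
  || { echo "ERROR: could not apply bind address to $UNIT (no '-b 127.0.0.1:8080' in the unit)" >&2; exit 1; }
# NOTE(review): with BIND_ADDR=0.0.0.0 the app is reachable from every host on
# the LAN; restrict it with a firewall or bind to the webfront's address unless
# the app enforces its own authentication — confirm.

systemctl daemon-reload
systemctl enable --now db-admin-sslcheck.timer
# enable + restart (not only --now) so a re-install picks up the new code and
# unit even when the service is already running.
systemctl enable db-admin.service
systemctl restart db-admin.service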
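# Optional reverse proxy inside the container. WEBSRV is fixed to "none" above,
# so the nginx/apache branches only run if that setting is changed.

# Create the basic-auth file for the proxy. The password is fed on stdin (-i)
# instead of being passed with -b, so it does not show up in `ps` or shell
# history; the file is readable by root and the webserver group only.
#   $1 - htpasswd file path   $2 - username   $3 - password
write_htpasswd () {
  local file="$1" user="$2" pass="$3"
  printf '%s' "$pass" | htpasswd -i -c "$file" "$user"
  chown root:www-data "$file"
  chmod 640 "$file"
}

if [[ "$WEBSRV" == "nginx" || "$WEBSRV" == "apache" ]]; then
  # FQDN becomes part of file names under /etc/nginx or /etc/apache2; accept
  # hostname characters only so it cannot carry a path separator into them.
  if [[ -z "$FQDN" || "$FQDN" == *[!A-Za-z0-9.-]* ]]; then
    echo "ERROR: '$FQDN' is not a valid FQDN" >&2
    exit 1
  fi
fi

if [[ "$WEBSRV" == "nginx" ]]; then
  echo "[+] Installing nginx (optional)"
  apt-get install -y nginx apache2-utils
  htpasswd_file="/etc/nginx/.db-admin-htpasswd"
  write_htpasswd "$htpasswd_file" "$AUTH_USER" "$AUTH_PASS"
  # NOTE(review): the vhost listens on port 80 only, so the basic-auth
  # credentials cross the wire in clear unless TLS is terminated in front of
  # this container — confirm the webfront does that before exposing it.
  cat > "/etc/nginx/sites-available/${FQDN}.conf" <<NGX
server {
    server_name $FQDN;
    access_log /var/log/nginx/${FQDN}.access.log;
    error_log /var/log/nginx/${FQDN}.error.log;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file $htpasswd_file;

        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;

        proxy_pass http://127.0.0.1:8080;
        client_max_body_size 20m;
    }

    listen 80;
}
NGX
  ln -sf "/etc/nginx/sites-available/${FQDN}.conf" "/etc/nginx/sites-enabled/${FQDN}.conf"
  # The config test must abort the install on failure: as the left side of an
  # && list it is exempt from set -e, and a broken config would otherwise be
  # reported as "Done".
  nginx -t || { echo "ERROR: nginx configuration test failed" >&2; exit 1; }
  systemctl reload nginx
  echo "Done. Visit: http://$FQDN"
elif [[ "$WEBSRV" == "apache" ]]; then
  echo "[+] Installing apache (optional)"
  apt-get install -y apache2 apache2-utils
  a2enmod proxy proxy_http headers auth_basic
  htpasswd_file="/etc/apache2/.db-admin-htpasswd"
  write_htpasswd "$htpasswd_file" "$AUTH_USER" "$AUTH_PASS"
  # Same caveat as for nginx: plain HTTP on port 80 only.
  cat > "/etc/apache2/sites-available/${FQDN}.conf" <<APC
<VirtualHost *:80>
    ServerName $FQDN
    ErrorLog \${APACHE_LOG_DIR}/${FQDN}-error.log
    CustomLog \${APACHE_LOG_DIR}/${FQDN}-access.log combined

    <Location "/">
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile $htpasswd_file
        Require valid-user
    </Location>

    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
APC
  a2ensite "${FQDN}.conf"
  apache2ctl configtest || { echo "ERROR: apache configuration test failed" >&2; exit 1; }
  systemctl reload apache2
  echo "Done. Visit: http://$FQDN"
else
  echo "Done. No webserver installed in this container (recommended behind your webfront)."
  echo "Proxy your webfront to: http://<container-ip>:8080"
  echo "Example: proxy_pass http://192.168.0.24:8080;"
fi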
|
|