#!/bin/bash
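# ---------------------------------------------------------------------------
# Interactive input: where the site currently lives, how to reach it, and what
# the migrated copy should be called on this machine.
# ---------------------------------------------------------------------------
echo "Remote Host IP: "
read -r ip
# Remember the starting directory; exit_command returns to it.
org_pwd="$(pwd)"
# 7th field of `ip route get 8.8.8.8` (presumably this machine's source
# address for outbound traffic). Used to detect that the "remote" host is
# actually this machine.
local_ip="$(ip route get 8.8.8.8 | xargs | awk '{print $7}')"

# SSH details are only requested when the source host is not this machine.
if [[ "$ip" != "127.0.0.1" ]] && [[ "$ip" != "$local_ip" ]]; then
  echo "Remote Host port: "
  read -r port
  echo "Remote Host user: "
  read -r user
  echo "Remote Host password: "
  # -s: do not echo the password to the terminal (keeps it out of scrollback
  # and screen recordings). The bare echo restores the newline -s swallows.
  read -rs pass
  echo
fi

echo "Target Domain: "
read -r domain
echo "Current user password for sudoer: "
# Same reasoning as above: never echo a sudo password.
read -rs user_pass
echo
echo "New Site name(ex: orbit_xxxx, can leave blank for auto): "
read -r new_site_name
echo "New Database name(ex: orbit_xxxx, can leave blank for auto): "
read -r new_db_name
echo "Server Name with port(ex: new.example.com:3000, can leave blank for not change): "
read -r tmp

# Split "name[:port]". The port defaults to 80 when it is missing or empty.
# Parameter expansion is used instead of sed so that a trailing colon
# ("host:") no longer ends up inside the server name.
if [[ -n "$tmp" ]]; then
  new_server_name="${tmp%%:*}"
  new_server_port="80"
  if [[ "$tmp" == *:* && -n "${tmp##*:}" ]]; then
    new_server_port="${tmp##*:}"
  fi
fi
tmp=""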
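# ---------------------------------------------------------------------------
# Connection setup: build the command prefixes used for every later step and
# locate the nginx site file that serves $domain on the source host.
# ---------------------------------------------------------------------------

# Escape dots so the domain is matched literally inside grep/sed patterns.
domain_escape="${domain//./\\.}"
# Let * also match dotfiles when copying the site directory locally.
shopt -s dotglob

# bash only expands aliases in a non-interactive shell when expand_aliases is
# set; without it every `sudo_command ...` line fails when this file is run
# as a script rather than sourced.
shopt -s expand_aliases
# NOTE(review): the sudo password is embedded in the alias text inside single
# quotes, so a password containing a single quote breaks the alias.
alias sudo_command="echo '$user_pass'|sudo -S -p ' '"

# sshpass must exist before the first remote command below is issued.
if ! command -v sshpass >/dev/null 2>&1; then
  sudo_command apt install sshpass -y
fi

if [[ "$ip" == "127.0.0.1" ]] || [[ "$ip" == "$local_ip" ]]; then
  # Source and destination are the same machine: run "remote" commands through
  # a local login shell and copy with cp.
  ssh_command="bash -l -c"
  scp_command="cp -r -P "
  use_local_command="true"
  # No remote password was asked for in this mode, so privileged "remote"
  # steps have to authenticate with the local sudo password.
  remote_sudo_command="echo '$user_pass'|sudo -S -p ' '"
  echo "Local command!"
else
  # Hand the SSH password to sshpass through a private file (mktemp creates it
  # mode 0600) instead of `-p`, which exposes it to every local user through
  # the process list. The file is removed when the script exits.
  # The path is later word-split as part of $ssh_command, so this assumes
  # TMPDIR contains no whitespace.
  sshpass_file="$(mktemp)" || { echo "mktemp failed" >&2; exit 1; }
  trap 'rm -f -- "$sshpass_file"' EXIT
  printf '%s\n' "$pass" > "$sshpass_file"
  ssh_command="sshpass -f $sshpass_file ssh $user@$ip -p $port"
  scp_command="sshpass -f $sshpass_file scp -r -P $port $user@$ip:"

  # known_hosts stores non-default ports as "[host]:port".
  if [[ "$port" == "22" ]]; then
    known_host_name="$ip"
  else
    known_host_name="[$ip]:$port"
  fi
  mkdir -p ~/.ssh
  # Only record a key for a host that is not known yet. Appending a fresh
  # ssh-keyscan result on every run would silently accept a changed host key,
  # which is exactly the situation host-key checking is meant to flag.
  if [[ -z "$(ssh-keygen -F "$known_host_name" 2>/dev/null)" ]]; then
    scan_ssh_keys="$(ssh-keyscan -H -p "$port" "$ip")"
    if [[ -n "$scan_ssh_keys" ]]; then
      # Trust on first use: show the fingerprints so the operator can compare
      # them with the server's real keys over a separate channel.
      echo "Recording new SSH host key(s) for $known_host_name; verify these fingerprints:" >&2
      ssh-keygen -lf - <<<"$scan_ssh_keys" >&2
      echo "$scan_ssh_keys" >> ~/.ssh/known_hosts
    fi
  fi
  use_local_command=""
  # NOTE(review): this string is pasted into the command line sent to the
  # source host, so the password is visible in the local ssh argv and in the
  # remote process list while a privileged step runs. Key-based login plus a
  # narrowly scoped sudoers rule on the source host would avoid that.
  remote_sudo_command="echo '$pass'|sudo -S -p ' '"
fi

# First file under /etc/nginx/orbit_sites whose content contains
# "<whitespace><domain>"; empty when nothing matches or the connection fails.
nginx_file=$($ssh_command "grep -e $'\s''$domain_escape' /etc/nginx/orbit_sites/* -l" | xargs | awk '{print $1}')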
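#######################################
# Escape every "/" in a string so it can sit inside a sed s/…/…/ expression
# that uses "/" as its delimiter.
# Arguments: $1 - text to escape
# Outputs:   the escaped text on stdout
# NOTE: only "/" is escaped. Other characters that are special to sed (".",
# "*", "&", "\") pass through unchanged, so callers must not feed it
# arbitrary text.
#######################################
function escape_slash(){
  # printf instead of echo: echo would treat an argument such as "-n" or "-e"
  # as an option and print nothing useful.
  printf '%s\n' "${1//\//\\/}"
}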
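#######################################
# Leave the script: return to the directory it was started from, drop the
# sudo_command alias, clear the shell history list and exit.
# Globals:   org_pwd (read)
# Arguments: $1 - exit status, defaults to 0
#######################################
function exit_command(){
  local exit_code="${1:-0}"
  # Quoted so a start directory containing spaces is handled.
  cd "$org_pwd"
  # The alias may not exist (for example when aliases were never expanded);
  # that is not worth an error message on the way out.
  unalias sudo_command 2>/dev/null
  # Clearing history is best effort and must not decide whether we exit:
  # with `history -c && exit` a failing history call let the script run on.
  history -c
  exit "$exit_code"
}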
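# ---------------------------------------------------------------------------
# Main migration: dump the database and collect config/certificates on the
# source host, copy the site here, rewrite nginx/mongoid settings for the new
# name, then install gems and start the site.
# ---------------------------------------------------------------------------

#######################################
# Abort when a value that came back from the source host contains anything
# outside a conservative path/name character set. These values are later
# pasted unquoted into commands that run under sudo on this machine, so shell
# metacharacters or whitespace in them would be executed locally as root.
# Empty values are accepted here; callers check emptiness where it matters.
# Arguments: $1 - label for the error message, $2 - value to check
#######################################
require_safe_remote_value() {
  local label="$1" value="$2"
  local safe_re='^[A-Za-z0-9_./+@:-]*$'
  if [[ ! "$value" =~ $safe_re ]]; then
    echo "Refusing to continue: unexpected characters in $label read from the source host" >&2
    exit_command 1
  fi
}

# The original tested "$?" here, but the command immediately before it is a
# function definition, so that status was always 0 and the branch was dead.
# An empty $nginx_file already covers a failed lookup; it now exits non-zero.
if [ -z "$nginx_file" ]; then
  echo "$domain not found in nginx file!";
  echo "Please Check ip and domain is correct";
  exit_command 1;
fi
require_safe_remote_value "nginx config path" "$nginx_file"

# Site root = the nginx "root" directive with a trailing /public removed.
root_path=`$ssh_command "cat '$nginx_file'|grep -E '(^|^\s+)root'|sed -E 's/(^|^\s+)root\s+//'|tr ';' ' '|awk '{print \\$1}'|sed 's/\/public$//g'|xargs|awk '{print \\$1}'"`;
echo "root_path: $root_path";
require_safe_remote_value "site root path" "$root_path"
# With an empty root the copy step below would expand to "/*".
if [ -z "$root_path" ]; then
  exit_command 1;
fi

# Database name = first "database:" entry in the site's mongoid.yml.
db_name=`$ssh_command "grep -w 'database' '$root_path/config/mongoid.yml' -m1|sed 's/database://g'| xargs"`
require_safe_remote_value "database name" "$db_name"
if [ -z "$db_name" ]; then
  exit_command 1;
fi
echo "Database name: $db_name";

# Dump the database into the site directory so it travels with the copy.
date_str=`date "+%Y%m%d"`
mongo_output="$root_path/dump_$date_str"
$ssh_command "mongodump -d $db_name -o '$mongo_output'"
# Put the nginx site file next to the application for the same reason.
$ssh_command "cp -f $nginx_file '$root_path/.'"

match_ssl=`$ssh_command "cat '$nginx_file'|grep -E '443\s+ssl'"`
if [[ ! -z $match_ssl ]]; then
  echo "SSL Detected!"
  ssl_certificate_file=`$ssh_command "grep -E '^(|\s+)ssl_certificate\s' $nginx_file|sed -E 's/^(|\s+)ssl_certificate(|_key)//g'|sed -E 's/;.*//g'|xargs|awk '{print \\$1}'"`
  ssl_certificate_key_file=`$ssh_command "grep -E '^(|\s+)ssl_certificate_key\s' $nginx_file|sed -E 's/^(|\s+)ssl_certificate(|_key)//g'|sed -E 's/;.*//g'|xargs|awk '{print \\$1}'"`
  require_safe_remote_value "ssl_certificate path" "$ssl_certificate_file"
  require_safe_remote_value "ssl_certificate_key path" "$ssl_certificate_key_file"
  # Certificates and private keys are staged inside the site directory and
  # copied along with it.
  $ssh_command "mkdir -p $root_path/ssl_files"
  if [[ "$ssl_certificate_file" == *"/letsencrypt/"* ]]; then
    echo "Use certbot!"
    # Name of the directory that holds the certificate.
    real_domain=`basename $(dirname $ssl_certificate_file)`
    $ssh_command "mkdir -p $root_path/ssl_files/renewal"
    $ssh_command "$remote_sudo_command cp -L /etc/letsencrypt/renewal/$real_domain.conf $root_path/ssl_files/renewal/."
    org_ssl_dir=`dirname $ssl_certificate_file`
    new_ssl_dir="ssl_files/$(basename $org_ssl_dir)"
    # -L: copy the files the live/ symlinks point at, not the links.
    $ssh_command "$remote_sudo_command cp -r -f -L $org_ssl_dir $root_path/ssl_files/."
    # Suffix of the archive file that live/cert.pem points to (cert<N>.pem).
    certbot_file_idx=`$ssh_command "$remote_sudo_command readlink /etc/letsencrypt/live/$real_domain/cert.pem"|xargs basename|sed -E 's/cert([^.]+)\.pem/\1/g'|xargs`
    require_safe_remote_value "certbot archive index" "$certbot_file_idx"
  else
    $ssh_command "$remote_sudo_command cp -f $ssl_certificate_file $root_path/ssl_files/."
    $ssh_command "$remote_sudo_command cp -f $ssl_certificate_key_file $root_path/ssl_files/."
  fi
  # $user is only set when a remote host was asked for; fall back to the
  # current account so the owner is never empty in local mode.
  ssl_owner="${user:-$(id -un)}"
  $ssh_command "$remote_sudo_command chown $ssl_owner:$ssl_owner $root_path/ssl_files -R"
fi

# Blank answers fall back to the source database name.
new_site_name="${new_site_name:-$db_name}"
new_db_name="${new_db_name:-$db_name}"

local_store_path="$HOME/orbit_sites/$new_site_name"
mkdir -p "$local_store_path"
# Copy the site, then its dotfiles. The expansions are deliberately unquoted:
# $scp_command has to split into words and, in local mode, the globs have to
# expand. Errors are discarded here, so a partial copy goes unreported.
$scp_command$root_path/* $local_store_path/. 2>>/dev/null
$scp_command$root_path/.[^.]* $local_store_path/. 2>>/dev/null

if [[ ! -z "$org_ssl_dir" ]]; then
  if ! command -v certbot >/dev/null 2>&1; then
    # NOTE(review): this installer is fetched over plain HTTP with no checksum
    # or signature check and is then run under sudo. Anyone able to alter the
    # response gets root here; serve it over HTTPS or verify a pinned digest
    # before executing.
    # -O overwrites a stale copy; without it wget saves to "install_certbot.sh.1"
    # and the old file is what gets executed.
    if wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/install_certbot.sh -O install_certbot.sh; then
      sudo_command bash ./install_certbot.sh
    else
      echo "Could not download install_certbot.sh; install certbot manually." >&2
    fi
  fi
fi

# Everything below uses relative paths (including rm -rf ssl_files), so stop
# if the site directory cannot be entered.
cd "$local_store_path" || exit_command 1

new_nginx_file="/etc/nginx/orbit_sites/$new_site_name"
sudo_command cp -f "$(basename $nginx_file)" $new_nginx_file
# --drop replaces any existing collections in the target database.
mongorestore -d $new_db_name $(basename $mongo_output)/$db_name --drop
sed "s/\(database:\s\+\).\+/\1${new_db_name}/g" -i "$local_store_path/config/mongoid.yml"

# Certificates only need relocating when the site came from another machine.
if [[ -z "$use_local_command" ]] && [[ ! -z "$match_ssl" ]]; then
  if [[ ! -z "$org_ssl_dir" ]]; then
    # Let's Encrypt layout: recreate live/, archive/ and renewal/ locally.
    sudo_command mkdir -p $org_ssl_dir
    sudo_command mkdir -p /etc/letsencrypt/renewal
    sudo_command cp -r $new_ssl_dir/* $org_ssl_dir/.
    if [[ "$(dirname $org_ssl_dir)" == "/etc/letsencrypt/live" ]] && [[ ! -z "$(sudo_command find $org_ssl_dir -name '*.pem' 2>>/dev/null || echo '')" ]]; then
      # Move the copied .pem files into archive/ and link them back from live/.
      sudo_command mkdir -p /etc/letsencrypt/archive/$real_domain
      sudo_command rm -f /etc/letsencrypt/archive/$real_domain/*.pem
      sudo_command find $org_ssl_dir -name '*.pem' -exec mv {} /etc/letsencrypt/archive/$real_domain/. \;
      if [[ ! -z "$certbot_file_idx" ]]; then
        # Rename name.pem to name<idx>.pem in archive/, then create
        # live/name.pem symlinks pointing at the indexed files.
        sudo_command bash -l -c "find '/etc/letsencrypt/archive/$real_domain' -regex '[^0-9]+\.pem' -printf '%p\0'| perl -0 -l0 -pe 'print \$_; s/($(echo /etc/letsencrypt/archive/$real_domain/|sed 's/[\.\/]/\\\0/g')[^\d]+)\.pem/\${1}'$certbot_file_idx'\.pem/'| xargs -0 -n 2 mv"
        sudo_command bash -l -c "cd $org_ssl_dir && find '../../archive/$real_domain/' -regex '[^0-9]+$certbot_file_idx\.pem' -printf '%p\0'| perl -0 -l0 -pe 'print \$_; s/$(echo ../../archive/$real_domain/|sed 's/[\.\/]/\\\0/g')([^\d]+)$certbot_file_idx\.pem/\${1}\.pem/'| xargs -0 -n 2 ln -s"
      else
        sudo_command bash -l -c "cd $org_ssl_dir && ln -s ../../archive/$real_domain/*.pem ."
      fi
    fi
    sudo_command cp -r ssl_files/renewal/* /etc/letsencrypt/renewal/.
    if [[ -e /etc/letsencrypt/renewal/$real_domain.conf ]]; then #Fix certbot account
      # Point the copied renewal config at the first ACME server and account
      # found under this machine's /etc/letsencrypt/accounts.
      letsencrypt_server_name=`sudo_command ls /etc/letsencrypt/accounts/|xargs|awk '{print $1}'`
      if [[ ! -z "$letsencrypt_server_name" ]]; then
        sudo_command sed -E 's/server\s*=.*/server = https:\/\/'$letsencrypt_server_name'\/directory/g' -i /etc/letsencrypt/renewal/$real_domain.conf
        letsencrypt_account_id=`sudo_command ls /etc/letsencrypt/accounts/$letsencrypt_server_name/directory|xargs|awk '{print $1}'`
        if [[ ! -z "$letsencrypt_account_id" ]]; then
          sudo_command sed -E 's/account\s*=.*/account = '$letsencrypt_account_id'/g' -i /etc/letsencrypt/renewal/$real_domain.conf
        fi
      fi
    fi
    # Private keys live under these trees; keep them owner-only.
    sudo_command chmod 700 /etc/letsencrypt/archive -R
    sudo_command chmod 700 /etc/letsencrypt/live -R
    # Remove the staged copies of the keys from the site directory.
    rm -rf ssl_files
  else
    # Certificates kept outside Let's Encrypt stay in <site>/ssl_files; point
    # nginx at them. The nginx file was installed with sudo, so these edits
    # need sudo as well, like every other edit of $new_nginx_file below.
    # NOTE(review): the private key then sits inside the application
    # directory; check its ownership and mode after the migration.
    sudo_command sed "s/$(escape_slash $ssl_certificate_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_file)/g" -i $new_nginx_file
    sudo_command sed "s/$(escape_slash $ssl_certificate_key_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_key_file)/g" -i $new_nginx_file
  fi
  echo "Finish changing ssl setting!"
fi

# Re-point every reference to the old site root at the local copy.
sudo_command sed "s/$(escape_slash $root_path)/$(escape_slash $local_store_path)/g" -i "$new_nginx_file"
# Rename the upstream block and the proxy_pass target after the new site.
old_sock_name=`sudo_command grep -w 'upstream' $new_nginx_file|sed 's/\(upstream\s\+\)\([^ ]\+\)/\2/g'|sed 's/\s*{//g'|xargs`
new_sock_name="${new_site_name}_sock"
sudo_command sed "s/\(upstream\s\+\)[^ ]\+/\1${new_sock_name}/g" -i "$new_nginx_file"
sudo_command sed "s/proxy_pass\s\+http:\/\/${old_sock_name}/proxy_pass http:\/\/${new_sock_name}/g" -i "$new_nginx_file"

if [[ ! -z $new_server_name ]]; then
  # Prefer the first listen line that does not mention ssl.
  match_listen_line=`sudo_command grep -E '(^|[^#]+)listen' $new_nginx_file -n|grep -v 'ssl'|cut -d : -f 1|xargs|awk '{print $1}'`
  if [[ -z "$match_listen_line" ]]; then
    # Only ssl listen lines exist: keep the first one and add a new listen
    # line for the requested port right after it.
    match_listen_line=`sudo_command grep -E '(^|[^#]+)listen' $new_nginx_file -n|cut -d : -f 1|xargs|awk '{print $1}'`
    if [[ ! -z "$match_listen_line" ]]; then
      sudo_command sed $match_listen_line,+0"s/\([^#]\+\)listen.\+/\0\n\1listen $new_server_port;/g" -i $new_nginx_file
      match_listen_line=$(($match_listen_line+1))
    fi
  else
    # Rewrite the existing non-ssl listen line to the requested port.
    sudo_command sed $match_listen_line,+0"s/\([^#]\+\)listen.\+/\1listen $new_server_port;/g" -i $new_nginx_file
  fi
  if [[ -z "$match_listen_line" ]]; then
    echo "You need to edit nginx file: $new_nginx_file by yourself!"
  else
    # Append the new name to server_name and swap the old domain in
    # "$host = ..." tests and in 301/302 https redirects.
    sudo_command sed "s/server_name\([^;]\+\)/server_name\1 $new_server_name/g" -i $new_nginx_file
    sudo_command sed "s/\(\$host\s*=\s*\)$domain_escape/\1$new_server_name/g" -i $new_nginx_file
    sudo_command sed "s/\(return\s\+30\(1\|2\)\s\+https:\/\/\)$domain_escape/\1$new_server_name/g" -i $new_nginx_file
  fi
fi

# Replace the source host's address with this machine's address.
sudo_command sed "s/$(echo $ip|sed 's/\./\\\./g')/$(echo $local_ip|sed 's/\./\\\./g')/g" -i $new_nginx_file

# Only restart nginx when the rewritten configuration passes its own check.
sudo_command nginx -t
if [ "$?" == "0" ];then
  sudo_command service nginx restart;
else
  echo "Nginx setting has some problem!";
  echo "Please restart nginx by yourself!";
fi

# Re-resolve gems for this machine's Ruby.
rm -f Gemfile.lock
ruby_ver=`basename $(readlink -n $rvm_prefix/rvm/rubies/default)|cut -d '-' -f 2`
if [[ ! -z "$ruby_ver" ]]; then
  echo "$ruby_ver" > .ruby-version
fi
bundle install
# Drop the socket and pid file that were copied from the source host.
rm -f tmp/unicorn.sock tmp/pids/unicorn.pid

# NOTE(review): both helper scripts are fetched over plain HTTP with no
# integrity check and start_site.sh is executed straight away. Serve them
# over HTTPS or verify a pinned digest before running them.
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/start_site.sh -O start_site.sh
start_site_status="$?"
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/close_site.sh -O close_site.sh
# A failed download leaves an empty file behind; do not "run" that.
if [ "$start_site_status" == "0" ]; then
  bash ./start_site.sh production
else
  echo "Could not download start_site.sh; start the site manually." >&2
fi

echo "Finish moving and installing site!"
echo "Site Path: $local_store_path"
exit_command 0;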