deploy using openfront user instead of root
@@ -31,6 +31,7 @@ REGION=$1
|
||||
VERSION_TAG="latest"
|
||||
DOCKER_REPO=""
|
||||
ENV=""
|
||||
SSH_KEY=""
|
||||
|
||||
# Set environment-specific variables
|
||||
if [ "$REGION" == "staging" ]; then
|
||||
@@ -38,15 +39,18 @@ if [ "$REGION" == "staging" ]; then
|
||||
SERVER_HOST=$SERVER_HOST_STAGING
|
||||
DOCKER_REPO=$DOCKER_REPO_STAGING
|
||||
ENV="staging"
|
||||
SSH_KEY=$SSH_KEY_STAGING
|
||||
elif [ "$REGION" == "us" ]; then
|
||||
print_header "DEPLOYING TO US ENVIRONMENT"
|
||||
SERVER_HOST=$SERVER_HOST_US
|
||||
DOCKER_REPO=$DOCKER_REPO_PROD # Uses prod Docker repo for alt environment
|
||||
SSH_KEY=$SSH_KEY_PROD
|
||||
ENV="prod"
|
||||
else
|
||||
print_header "DEPLOYING TO EU ENVIRONMENT"
|
||||
SERVER_HOST=$SERVER_HOST_EU
|
||||
DOCKER_REPO=$DOCKER_REPO_PROD
|
||||
SSH_KEY=$SSH_KEY_PROD
|
||||
ENV="prod"
|
||||
fi
|
||||
|
||||
@@ -57,10 +61,11 @@ if [ -z "$SERVER_HOST" ]; then
|
||||
fi
|
||||
|
||||
# Configuration
|
||||
SSH_KEY=${SSH_KEY:-"~/.ssh/id_rsa"} # Use default or override from .env
|
||||
DOCKER_USERNAME=${DOCKER_USERNAME} # Docker Hub username
|
||||
UPDATE_SCRIPT="./update.sh" # Path to your update script
|
||||
REMOTE_UPDATE_SCRIPT="/root/update-openfront.sh" # Where to place the script on server
|
||||
REMOTE_USER="openfront"
|
||||
REMOTE_UPDATE_PATH="/home/$REMOTE_USER"
|
||||
REMOTE_UPDATE_SCRIPT="$REMOTE_UPDATE_PATH/update-openfront.sh" # Where to place the script on server
|
||||
|
||||
# Check if update script exists
|
||||
if [ ! -f "$UPDATE_SCRIPT" ]; then
|
||||
@@ -90,28 +95,23 @@ if [ $? -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "❌ Failed to push image to Docker Hub. Stopping deployment."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Docker image built and pushed successfully."
|
||||
|
||||
# Step 2: Copy update script to Hetzner server
|
||||
print_header "STEP 2: Copying update script to server"
|
||||
echo "Target: $SERVER_HOST"
|
||||
echo "Target: $REMOTE_USER@$SERVER_HOST"
|
||||
|
||||
# Make sure the update script is executable
|
||||
chmod +x $UPDATE_SCRIPT
|
||||
|
||||
# Copy the update script to the server
|
||||
scp -i $SSH_KEY $UPDATE_SCRIPT $SERVER_HOST:$REMOTE_UPDATE_SCRIPT
|
||||
scp -i $SSH_KEY $UPDATE_SCRIPT $REMOTE_USER@$SERVER_HOST:$REMOTE_UPDATE_SCRIPT
|
||||
|
||||
# Copy environment variables if needed
|
||||
if [ -f .env ]; then
|
||||
scp -i $SSH_KEY .env $SERVER_HOST:/root/.env
|
||||
scp -i $SSH_KEY .env $REMOTE_USER@$SERVER_HOST:$REMOTE_UPDATE_PATH/.env
|
||||
# Secure the .env file
|
||||
ssh -i $SSH_KEY $SERVER_HOST "chmod 600 /root/.env"
|
||||
ssh -i $SSH_KEY $REMOTE_USER@$SERVER_HOST "chmod 600 $REMOTE_UPDATE_PATH/.env"
|
||||
fi
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
@@ -125,7 +125,7 @@ echo "✅ Update script successfully copied to server."
|
||||
print_header "STEP 3: Executing update script on server"
|
||||
|
||||
# Make the script executable on the remote server and execute it with the environment parameter
|
||||
ssh -i $SSH_KEY $SERVER_HOST "chmod +x $REMOTE_UPDATE_SCRIPT && $REMOTE_UPDATE_SCRIPT $REGION $DOCKER_USERNAME $DOCKER_REPO"
|
||||
ssh -i $SSH_KEY $REMOTE_USER@$SERVER_HOST "chmod +x $REMOTE_UPDATE_SCRIPT && $REMOTE_UPDATE_SCRIPT $REGION $DOCKER_USERNAME $DOCKER_REPO"
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "❌ Failed to execute update script on server."
|
||||
|
||||
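Review bot: In step 2 the `.env` copy now lands in `$REMOTE_UPDATE_PATH` (`/home/openfront`) and is only restricted by the follow-up `ssh … "chmod 600 …"`, so between the two commands the remote file normally carries the mode of the local `.env`. Under `/root` the parent directory hid that window, but a home directory made by `useradd -m` may be traversable by other local accounts, depending on the distribution defaults. The file holds `DOCKER_TOKEN`, `ADMIN_TOKEN` and the R2 keys, so I would run `chmod 600 .env` locally before the `scp`, so the remote copy is created restrictive rather than fixed afterwards. Separately, `SSH_KEY` is now taken from `SSH_KEY_STAGING`/`SSH_KEY_PROD` and used unquoted in `scp -i $SSH_KEY …`; if it is empty, `-i` swallows the next argument, so a guard such as `[ -n "$SSH_KEY" ] || { echo "SSH_KEY is not set"; exit 1; }` beside the existing `SERVER_HOST` check would fail early. The `if [ $? -ne 0 ]` blocks after these commands are cut off by the hunks, so their full error handling is not visible here.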
+18
-12
@@ -1,14 +1,20 @@
|
||||
# AWS Configuration
|
||||
AWS_REGION=region-name
|
||||
AWS_ACCOUNT_ID=your-account-id
|
||||
# Server Configuration
|
||||
SERVER_HOST_STAGING=xxx.xxx.xx.xxx
|
||||
SERVER_HOST_EU=xxx.xxx.xxx.xxx
|
||||
SERVER_HOST_US=x.xxx.xxx.xxx
|
||||
SSH_KEY_STAGING=~/.ssh/your-staging-key
|
||||
SSH_KEY_PROD=~/.ssh/your-prod-key
|
||||
|
||||
# ECR (Elastic Container Registry)
|
||||
ECR_REPO_NAME=your-repo-name
|
||||
# Docker Configuration
|
||||
DOCKER_USERNAME=username
|
||||
DOCKER_REPO_PROD=your-prod-repo
|
||||
DOCKER_REPO_STAGING=your-staging-repo
|
||||
DOCKER_TOKEN=your_docker_token
|
||||
|
||||
# EC2 Deployment Hosts
|
||||
EC2_HOST_STAGING=ec2-user@your-staging-ip
|
||||
EC2_HOST_PROD=ec2-user@your-production-ip
|
||||
EC2_KEY=~/.ssh/your-key-file.pem
|
||||
|
||||
# Application Secrets
|
||||
ADMIN_TOKEN=your-admin-token
|
||||
# Admin credentials
|
||||
ADMIN_TOKEN=your_admin_token
|
||||
R2_ACCESS_KEY=your_r2_access_key
|
||||
R2_SECRET_KEY=your_r2_secret_key
|
||||
R2_ACCOUNT_ID=your_r2_account_id
|
||||
R2_PROD_BUCKET=your-prod-bucket
|
||||
R2_STAGING_BUCKET=your-staging-bucket
|
||||
@@ -1,37 +1,80 @@
|
||||
#!/bin/bash
|
||||
# Comprehensive setup script for Hetzner server with Docker and Cloudflare R2 configuration
|
||||
|
||||
# Comprehensive setup script for Hetzner server with Docker and user setup
|
||||
# Exit on error
|
||||
set -e
|
||||
|
||||
echo "====================================================="
|
||||
echo "🚀 STARTING SERVER SETUP"
|
||||
echo "====================================================="
|
||||
|
||||
echo "🔄 Updating system..."
|
||||
apt update && apt upgrade -y
|
||||
|
||||
echo "🐳 Installing Docker..."
|
||||
# Install Docker using official script
|
||||
curl -fsSL https://get.docker.com -o get-docker.sh
|
||||
sh get-docker.sh
|
||||
systemctl enable --now docker
|
||||
# Check if Docker is already installed
|
||||
if command -v docker &> /dev/null; then
|
||||
echo "Docker is already installed"
|
||||
else
|
||||
echo "🐳 Installing Docker..."
|
||||
# Install Docker using official script
|
||||
curl -fsSL https://get.docker.com -o get-docker.sh
|
||||
sh get-docker.sh
|
||||
systemctl enable --now docker
|
||||
echo "Docker installed successfully"
|
||||
fi
|
||||
|
||||
# Set up Docker Hub credentials
|
||||
echo "🔐 Setting up Docker Hub login..."
|
||||
echo "Enter your Docker Hub username:"
|
||||
read DOCKER_USERNAME
|
||||
echo "Enter your Docker Hub password/token:"
|
||||
read -s DOCKER_PASSWORD
|
||||
echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
|
||||
echo "✅ Docker Hub login configured"
|
||||
echo "👤 Setting up openfront user..."
|
||||
# Create openfront user if it doesn't exist
|
||||
if id "openfront" &>/dev/null; then
|
||||
echo "User openfront already exists"
|
||||
else
|
||||
useradd -m -s /bin/bash openfront
|
||||
echo "User openfront created"
|
||||
fi
|
||||
|
||||
echo "🔄 Installing Node Exporter..."
|
||||
# Check if openfront is already in docker group
|
||||
if groups openfront | grep -q '\bdocker\b'; then
|
||||
echo "User openfront is already in the docker group"
|
||||
else
|
||||
# Add openfront to docker group
|
||||
usermod -aG docker openfront
|
||||
echo "Added openfront to docker group"
|
||||
fi
|
||||
|
||||
docker run -d --name node-exporter --restart=unless-stopped \
|
||||
--net="host" \
|
||||
--pid="host" \
|
||||
-v "/:/host:ro,rslave" \
|
||||
prom/node-exporter:latest \
|
||||
--path.rootfs=/host
|
||||
# Create .ssh directory for openfront if it doesn't exist
|
||||
if [ ! -d "/home/openfront/.ssh" ]; then
|
||||
mkdir -p /home/openfront/.ssh
|
||||
chmod 700 /home/openfront/.ssh
|
||||
echo "Created .ssh directory for openfront"
|
||||
fi
|
||||
|
||||
echo "node-exporter installed"
|
||||
# Copy SSH keys from root if they exist and haven't been copied yet
|
||||
if [ -f /root/.ssh/authorized_keys ] && [ ! -f /home/openfront/.ssh/authorized_keys ]; then
|
||||
cp /root/.ssh/authorized_keys /home/openfront/.ssh/
|
||||
chmod 600 /home/openfront/.ssh/authorized_keys
|
||||
echo "SSH keys copied from root to openfront"
|
||||
fi
|
||||
|
||||
echo "🎉 Setup complete! You can find helpful Docker and R2 commands in ~/docker-commands.sh"
|
||||
echo "Test your R2 connection: aws s3 ls --profile r2"
|
||||
# Check if node-exporter container already exists
|
||||
if docker ps -a | grep -q "node-exporter"; then
|
||||
echo "Node Exporter is already installed"
|
||||
else
|
||||
echo "🔄 Installing Node Exporter..."
|
||||
docker run -d --name node-exporter --restart=unless-stopped \
|
||||
--net="host" \
|
||||
--pid="host" \
|
||||
-v "/:/host:ro,rslave" \
|
||||
prom/node-exporter:latest \
|
||||
--path.rootfs=/host
|
||||
echo "Node Exporter installed successfully"
|
||||
fi
|
||||
|
||||
# Set proper ownership for openfront's home directory
|
||||
chown -R openfront:openfront /home/openfront
|
||||
echo "Set proper ownership for openfront's home directory"
|
||||
|
||||
echo "====================================================="
|
||||
echo "🎉 SETUP COMPLETE!"
|
||||
echo "====================================================="
|
||||
echo "The openfront user has been set up and has Docker permissions."
|
||||
echo "You can now deploy using the openfront user."
|
||||
echo "====================================================="
|
||||
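Review bot: Adding `openfront` to the `docker` group makes that account root-equivalent on the host, because the Docker daemon runs as root and acts on behalf of any group member. The block that copies `/root/.ssh/authorized_keys` also means every key accepted for root is accepted for `openfront`, while root login itself is left as it was. The closing message "has Docker permissions" understates this, so I would add a comment above `usermod -aG docker openfront`, for example `# docker group membership is root-equivalent: protect the openfront key like a root key`. Consider installing a dedicated deploy public key in `/home/openfront/.ssh/authorized_keys` instead of copying root's file, and restricting root SSH login once deploys work as `openfront`. Minor: `docker ps -a | grep -q "node-exporter"` matches any row containing that string, whereas `docker ps -a --format '{{.Names}}' | grep -qx node-exporter` checks the exact container name.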
@@ -26,11 +26,13 @@ echo "Container name: ${CONTAINER_NAME}"
|
||||
echo "Docker image: ${FULL_IMAGE_NAME}"
|
||||
|
||||
# Load environment variables if .env exists
|
||||
if [ -f /root/.env ]; then
|
||||
if [ -f /home/openfront/.env ]; then
|
||||
echo "Loading environment variables from .env file..."
|
||||
export $(grep -v '^#' /root/.env | xargs)
|
||||
export $(grep -v '^#' /home/openfront/.env | xargs)
|
||||
fi
|
||||
|
||||
docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
|
||||
|
||||
# Install Loki Docker plugin if not already installed
|
||||
if ! docker plugin ls | grep -q "loki"; then
|
||||
echo "Installing Loki Docker plugin..."
|
||||
@@ -99,7 +101,7 @@ docker run -d -p 80:80 -p 127.0.0.1:9090:9090 \
|
||||
--log-opt loki-external-labels="job=docker,environment=${ENV},host=${REGION},region=${REGION}" \
|
||||
--env GAME_ENV=${ENV} \
|
||||
--env REGION=${REGION} \
|
||||
--env-file /root/.env \
|
||||
--env-file /home/openfront/.env \
|
||||
--name ${CONTAINER_NAME} \
|
||||
$FULL_IMAGE_NAME
|
||||
|
||||
|
||||
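Review bot: The `docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN` line in the first hunk puts the registry token on the command line, where it is visible in the process list and in any `set -x` trace. The Docker Hub login shown in the setup script's diff uses `--password-stdin`, and the same form fits here: `printf '%s' "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin`. The login result is not checked in the visible lines, so a bad or missing token would only surface later at pull time; appending `|| exit 1` would stop the update early. The path `/home/openfront/.env` is also hard-coded in the `-f` test, the `export` and `--env-file`, while the deploy script derives it from `REMOTE_USER`; one variable at the top of this script would keep the two in step. Both hunks begin and end mid-script, so the surrounding error handling is not visible.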