author | Matthew Lemon <y@yulqen.org> | 2024-04-10 21:14:45 +0100 |
---|---|---|
committer | Matthew Lemon <y@yulqen.org> | 2024-04-10 21:14:45 +0100 |
commit | 8428a1be78028f3808e790598af8572ac475a1da (patch) | |
tree | e7a27f1cba3256d5ee3ba21ba343d72b70396f2e | |
parent | 24d51e78c462fdb829b10747eac470fc80e6fdce (diff) |
Adds example Docker bash deployment script
-rw-r--r-- | resources/example_bash_for_deployment.sh | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/resources/example_bash_for_deployment.sh b/resources/example_bash_for_deployment.sh
new file mode 100644
index 0000000..a2a7a63
--- /dev/null
+++ b/resources/example_bash_for_deployment.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# from https://joshblais.com/posts/How-I-deploy-apps
+
+# Check the number of arguments
+if [ "$#" -ne 3 ]; then
+echo "Usage: $0 <image_name> <port_mapping> <domain>"
+exit 1
+fi
+
+# Assign arguments to variables
+IMAGE_NAME=$1
+PORT_MAPPING=$2
+DOMAIN=$3
+EMAIL=""
+TAG="latest" # Adjust tagging strategy as needed
+DOCKER_REGISTRY="" # Docker registry URL
+SERVER_HOST=""
+SSH_USER="" # SSH user on the remote server
+SSH_KEY_PATH="" # SSH private key path
+
+# Extract host port from PORT_MAPPING
+HOST_PORT=$(echo $PORT_MAPPING | cut -d':' -f1)
+
+# Build the Docker image with Buildx
+docker buildx build --platform linux/amd64 -t $DOCKER_REGISTRY/"$IMAGE_NAME":$TAG --load .
+
+# Push the Docker image
+docker push $DOCKER_REGISTRY/$IMAGE_NAME:$TAG
+
+# SSH into server to pull the image, restart the container, and configure NGINX and Certbot
+ssh -i $SSH_KEY_PATH $SSH_USER@$SERVER_HOST << EOF
+# Pull the latest Docker image
+docker pull $DOCKER_REGISTRY/$IMAGE_NAME:$TAG
+
+# Stop and remove the existing container if it exists
+docker stop $IMAGE_NAME || true
+docker rm $IMAGE_NAME || true
+
+# Run the new container in the background with the specified port mapping
+docker run -d --name $IMAGE_NAME -p $PORT_MAPPING $DOCKER_REGISTRY/$IMAGE_NAME:$TAG
+
+# Check if NGINX config exists, if not, create it
+NGINX_CONFIG="/etc/nginx/sites-available/$DOMAIN.conf"
+NGINX_ENABLED="/etc/nginx/sites-enabled/$DOMAIN.conf"
+
+if [ ! -f "\$NGINX_CONFIG" ]; then
+ sudo bash -c "cat > \$NGINX_CONFIG" << 'ENDOFFILE'
+server {
+ listen 80;
+ server_name $DOMAIN;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://\$host\$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name $DOMAIN;
+
+ ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+
+ location / {
+ proxy_pass http://localhost:$HOST_PORT;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+}
+ENDOFFILE
+
+ sudo ln -s "\$NGINX_CONFIG" "\$NGINX_ENABLED"
+fi
+
+# Reload NGINX to apply configuration
+sudo nginx -t && sudo systemctl reload nginx
+
+# After NGINX is reloaded:
+sudo certbot certonly --webroot -w /var/www/certbot -d $DOMAIN --email $EMAIL --agree-tos --non-interactive --deploy-hook "sudo systemctl reload nginx"
+
+# Reload NGINX to use new SSL certificate
+sudo systemctl reload nginx
+EOF
+
+echo "Deployment complete." |
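Review bot: The three command-line arguments are expanded locally inside the unquoted `<< EOF` heredoc and the resulting text is run by the remote shell, partly under `sudo`, so whitespace or shell metacharacters in `$IMAGE_NAME`, `$PORT_MAPPING` or `$DOMAIN` change the commands executed on the server; `$DOMAIN` also ends up in a path under /etc/nginx and in the generated server blocks. Validate them right after the argument-count check, before anything is built or sent, for example `[[ $DOMAIN =~ ^[A-Za-z0-9.-]+$ && $PORT_MAPPING =~ ^[0-9]+:[0-9]+$ && $IMAGE_NAME =~ ^[a-z0-9._/-]+$ ]] || { echo "invalid argument" >&2; exit 1; }`. The script also has no `set -euo pipefail`, so a failed `docker buildx build` or `docker push` still reaches the ssh step and prints "Deployment complete."; add it below the shebang, and quote the local expansions such as `"$SSH_KEY_PATH"` and `"$SSH_USER@$SERVER_HOST"`.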