#!/usr/bin/env bash # trilogyhub.de mit Homelab-Website verbinden (Nginx + optional Certbot + Tunnel-Hinweis) set -euo pipefail DOMAIN="${1:-trilogyhub.de}" PORT="${APP_PORT:-3080}" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" APP_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" ENV_FILE="${APP_DIR}/deploy/env.homelab" if [[ "${EUID}" -ne 0 ]]; then echo "sudo bash deploy/connect-trilogyhub.sh" >&2 exit 1 fi [[ -f "${ENV_FILE}" ]] || { echo "${ENV_FILE} fehlt" >&2; exit 1; } sed -i 's/\r$//' "${ENV_FILE}" 2>/dev/null || true # shellcheck source=/dev/null source "${ENV_FILE}" PORT="${APP_PORT:-3080}" DOMAIN="${APP_DOMAIN:-${DOMAIN}}" echo "==> Verbinde ${DOMAIN} → 127.0.0.1:${PORT}" # env aktualisieren grep -q '^APP_DOMAIN=' "${ENV_FILE}" && sed -i "s|^APP_DOMAIN=.*|APP_DOMAIN=${DOMAIN}|" "${ENV_FILE}" || echo "APP_DOMAIN=${DOMAIN}" >> "${ENV_FILE}" # LAN (Fritz-Netz) sed -i 's/\r$//' "${APP_DIR}/deploy/nginx/bestewebsite-lan.conf" 2>/dev/null || true cp "${APP_DIR}/deploy/nginx/trilogyhub.conf" /etc/nginx/sites-available/trilogyhub 2>/dev/null || \ cp "${APP_DIR}/deploy/nginx/bestewebsite.conf" /etc/nginx/sites-available/trilogyhub # HTTP-only zuerst (fuer Certbot) cat > /etc/nginx/sites-available/trilogyhub < /etc/nginx/sites-available/bestewebsite-legacy <<'LEG' server { listen 80; listen [::]:80; server_name halmc.duckdns.org pimmelschwanz.duckdns.org; return 301 https://trilogyhub.de$request_uri; } LEG ln -sf /etc/nginx/sites-available/bestewebsite-legacy /etc/nginx/sites-enabled/bestewebsite-legacy 2>/dev/null || true fi nginx -t systemctl reload nginx # App muss laufen if ! curl -sf "http://127.0.0.1:${PORT}/" >/dev/null; then echo "WARNUNG: nichts auf Port ${PORT} — playbull.service starten" >&2 systemctl restart playbull 2>/dev/null || true fi # Certbot wenn DNS auf diesen Server zeigt if command -v certbot >/dev/null 2>&1; then echo "==> Versuche Let's Encrypt fuer ${DOMAIN}..." if certbot --nginx -d "${DOMAIN}" -d "www.${DOMAIN}" \ --non-interactive --agree-tos --redirect \ -m "admin@${DOMAIN}" 2>/dev/null; then echo " SSL OK" else echo " SSL noch nicht moeglich (DNS/Cloudflare noch nicht aktiv) — HTTP auf Port 80 ist vorbereitet" fi fi # Cloudflare Tunnel if [[ -n "${CLOUDFLARE_TUNNEL_TOKEN:-}" ]]; then echo "==> Cloudflare Tunnel" cloudflared service uninstall 2>/dev/null || true cloudflared service install "${CLOUDFLARE_TUNNEL_TOKEN}" systemctl enable cloudflared systemctl restart cloudflared echo " Im Cloudflare-Dashboard Public Hostname setzen:" echo " ${DOMAIN} + www.${DOMAIN} → http://127.0.0.1:${PORT}" fi nginx -t && systemctl reload nginx echo "" echo "=== Fertig ===" echo "App: http://127.0.0.1:${PORT}/" echo "LAN: http://192.168.178.49/" echo "Domain: http://${DOMAIN}/ (sobald DNS auf Homelab/Cloudflare zeigt)" echo "HTTPS: https://${DOMAIN}/ (nach Cloudflare Active + Tunnel ODER Certbot)"