Includes homelab deploy tooling, image position/zoom manifest persistence, and full trading/casino stack. Co-authored-by: Cursor <cursoragent@cursor.com>
136 lines
4.6 KiB
Bash
136 lines
4.6 KiB
Bash
#!/usr/bin/env bash
|
|
# Domain-Migration auf dem Homelab (DuckDNS + Nginx + Certbot)
|
|
# Usage: sudo bash deploy/fix-domain.sh [neue-domain]
|
|
set -euo pipefail
|
|
|
|
NEW_DOMAIN="${1:-trilogyhub.de}"
|
|
OLD_DOMAIN="${2:-halmc.duckdns.org}"
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
APP_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
|
|
|
|
if [[ "${EUID}" -ne 0 ]]; then
|
|
echo "Bitte als root: sudo bash deploy/fix-domain.sh" >&2
|
|
exit 1
|
|
fi
|
|
|
|
ENV_FILE="${APP_DIR}/deploy/env.homelab"
|
|
if [[ ! -f "${ENV_FILE}" ]]; then
|
|
echo "deploy/env.homelab fehlt" >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "==> Domain: ${OLD_DOMAIN} -> ${NEW_DOMAIN}"
|
|
|
|
# env.homelab aktualisieren (Token behalten, CRLF entfernen)
|
|
sed -i 's/\r$//' "${ENV_FILE}"
|
|
if grep -q '^APP_DOMAIN=' "${ENV_FILE}"; then
|
|
sed -i "s|^APP_DOMAIN=.*|APP_DOMAIN=${NEW_DOMAIN}|" "${ENV_FILE}"
|
|
else
|
|
echo "APP_DOMAIN=${NEW_DOMAIN}" >> "${ENV_FILE}"
|
|
fi
|
|
if grep -q '^DUCKDNS_DOMAIN=' "${ENV_FILE}"; then
|
|
sed -i "s|^DUCKDNS_DOMAIN=.*|DUCKDNS_DOMAIN=${NEW_DOMAIN}|" "${ENV_FILE}"
|
|
else
|
|
echo "DUCKDNS_DOMAIN=${NEW_DOMAIN}" >> "${ENV_FILE}"
|
|
fi
|
|
chmod 600 "${ENV_FILE}"
|
|
|
|
# DuckDNS IP aktualisieren
|
|
if grep -q '^DUCKDNS_TOKEN=.\+' "${ENV_FILE}" 2>/dev/null; then
|
|
echo "==> DuckDNS Update"
|
|
bash "${APP_DIR}/deploy/duckdns-update.sh" || echo " DuckDNS-Update fehlgeschlagen (manuell pruefen)"
|
|
else
|
|
echo " DuckDNS-Token leer — Update uebersprungen"
|
|
fi
|
|
|
|
# Nginx LAN
|
|
echo "==> Nginx LAN"
|
|
sed -i 's/\r$//' "${APP_DIR}/deploy/nginx/bestewebsite-lan.conf" "${APP_DIR}/deploy/nginx/bestewebsite.conf" 2>/dev/null || true
|
|
cp "${APP_DIR}/deploy/nginx/bestewebsite-lan.conf" /etc/nginx/sites-available/bestewebsite-lan
|
|
ln -sf /etc/nginx/sites-available/bestewebsite-lan /etc/nginx/sites-enabled/00-bestewebsite-lan
|
|
|
|
# Nginx öffentlich — zuerst HTTP-only für Certbot
|
|
echo "==> Nginx HTTP (Certbot-Vorbereitung)"
|
|
cat > /etc/nginx/sites-available/bestewebsite <<EOF
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name ${NEW_DOMAIN};
|
|
|
|
client_max_body_size 30m;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:3080;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
}
|
|
EOF
|
|
ln -sf /etc/nginx/sites-available/bestewebsite /etc/nginx/sites-enabled/bestewebsite
|
|
nginx -t
|
|
systemctl reload nginx
|
|
|
|
# Let's Encrypt Zertifikat
|
|
echo "==> Certbot fuer ${NEW_DOMAIN}"
|
|
CERTBOT_EMAIL="admin@${NEW_DOMAIN}"
|
|
if certbot certificates 2>/dev/null | grep -q "${NEW_DOMAIN}"; then
|
|
certbot renew --nginx --quiet || true
|
|
else
|
|
certbot --nginx -d "${NEW_DOMAIN}" --non-interactive --agree-tos --redirect -m "${CERTBOT_EMAIL}" || {
|
|
echo "Certbot fehlgeschlagen — pruefe ob ${NEW_DOMAIN} auf diese Maschine zeigt (Port 80)." >&2
|
|
exit 1
|
|
}
|
|
fi
|
|
|
|
# Finales Nginx-Template — Certbot-Zertifikat einbinden (kein erneutes certbot install)
|
|
echo "==> Nginx HTTPS finalisieren"
|
|
cp "${APP_DIR}/deploy/nginx/bestewebsite.conf" /etc/nginx/sites-available/bestewebsite
|
|
if [[ ! -f "/etc/letsencrypt/live/${NEW_DOMAIN}/fullchain.pem" ]]; then
|
|
echo "Zertifikat fehlt fuer ${NEW_DOMAIN}" >&2
|
|
exit 1
|
|
fi
|
|
ln -sf /etc/nginx/sites-available/bestewebsite /etc/nginx/sites-enabled/bestewebsite
|
|
nginx -t
|
|
systemctl reload nginx
|
|
|
|
# Alte Domain optional auf neue weiterleiten (falls noch DNS zeigt)
|
|
if [[ "${OLD_DOMAIN}" != "${NEW_DOMAIN}" ]]; then
|
|
cat > /etc/nginx/sites-available/bestewebsite-legacy <<EOF
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name ${OLD_DOMAIN};
|
|
return 301 https://${NEW_DOMAIN}\$request_uri;
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name ${OLD_DOMAIN};
|
|
ssl_certificate /etc/letsencrypt/live/${OLD_DOMAIN}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/${OLD_DOMAIN}/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
return 301 https://${NEW_DOMAIN}\$request_uri;
|
|
}
|
|
EOF
|
|
if [[ -f "/etc/letsencrypt/live/${OLD_DOMAIN}/fullchain.pem" ]]; then
|
|
ln -sf /etc/nginx/sites-available/bestewebsite-legacy /etc/nginx/sites-enabled/bestewebsite-legacy
|
|
nginx -t && systemctl reload nginx
|
|
echo " Redirect ${OLD_DOMAIN} -> ${NEW_DOMAIN} aktiv"
|
|
else
|
|
rm -f /etc/nginx/sites-enabled/bestewebsite-legacy
|
|
fi
|
|
fi
|
|
|
|
systemctl restart playbull || true
|
|
|
|
echo ""
|
|
echo "=== Fertig ==="
|
|
echo "HTTPS: https://${NEW_DOMAIN}"
|
|
echo "LAN: http://192.168.178.49"
|
|
echo "Test: curl -sfI https://${NEW_DOMAIN}/ | head -3"
|