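#!/bin/bash
# scripts/production-server-setup.sh - production server setup
#
# Runs privileged provisioning steps through sudo, so it is meant to be run by
# a regular user with sudo rights, not directly as root.

# Strict mode:
#   -e           abort on the first failing command
#   -u           treat an unset variable (e.g. USER) as an error instead of
#                expanding it to an empty string in a privileged command
#   -o pipefail  a pipeline fails when any stage fails, so a failed download in
#                `curl ... | sudo gpg ...` is no longer masked by the last stage
set -euo pipefail

echo "🚀 Настройка сервера для CatLink (продакшен)"
echo "============================================="

# ANSI colour escapes for output; they are expanded by `echo -e` at the call sites.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
readonly RED GREEN YELLOW BLUE NC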
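echo -e "${BLUE}1. Обновление системы${NC}"
echo "---------------------"
# Step 1: refresh the package index, then apply pending upgrades.
# The two commands are run separately on purpose: in `a && b` a failure of `a`
# is exempt from `set -e`, so a failed index refresh was silently skipped and
# the script carried on working from stale package lists.
sudo apt update
sudo apt upgrade -y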
echo -e "${BLUE}2. Установка базовых пакетов${NC}"
echo "----------------------------"
# Step 2: base tooling used by the later steps (curl/gnupg/lsb-release for the
# Docker repository, git for the checkout, ufw for the firewall) plus
# diagnostics (htop, iotop).
base_packages=(
  curl
  wget
  git
  htop
  iotop
  unzip
  software-properties-common
  apt-transport-https
  ca-certificates
  gnupg
  lsb-release
  ufw
)
sudo apt install -y "${base_packages[@]}"
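echo -e "${BLUE}3. Настройка firewall (UFW)${NC}"
echo "----------------------------"
# Step 3: default-deny inbound policy with explicit allows for SSH and the web ports.
sudo ufw default deny incoming
sudo ufw default allow outgoing

# SSH is allowed before the firewall is switched on so the enable step below
# does not cut off remote administration.
# NOTE(review): `allow ssh` opens the port registered for the "ssh" service; if
# sshd listens on a non-default port, allow that port here instead. `ufw limit ssh`
# is the rate-limited variant and is worth considering for an Internet-facing host.
sudo ufw allow ssh

# HTTP/HTTPS need TCP only; a bare port number would open the UDP port as well.
# NOTE(review): add 443/udp explicitly if HTTP/3 (QUIC) is ever enabled.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# --force skips the interactive confirmation so the script can run unattended.
sudo ufw --force enable
sudo ufw status

# NOTE(review): ports published by Docker containers are opened through Docker's
# own iptables rules and are reachable regardless of the UFW policy above.
# Publish container ports on 127.0.0.1 and expose them through Nginx so that
# only 80/443 are reachable from outside.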
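echo -e "${BLUE}4. Установка Docker${NC}"
echo "-------------------"
# Remove old versions; `|| true` keeps the run going when apt reports an error
# for these legacy packages (for example because they are not installed).
sudo apt remove -y docker docker-engine docker.io containerd runc || true

# Add the Docker apt repository.
# The key is downloaded to a temporary file first, so a failed download aborts
# the script under `set -e` instead of being hidden behind the last pipeline stage.
# --batch --yes lets gpg overwrite an existing keyring, so re-running the script
# does not stop at an interactive "overwrite?" prompt.
# NOTE(review): the key is trusted on first download over HTTPS; compare its
# fingerprint with the one published in Docker's installation guide.
docker_key_tmp=$(mktemp)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$docker_key_tmp"
sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg "$docker_key_tmp"
rm -f -- "$docker_key_tmp"

# signed-by pins this repository to the Docker keyring only, instead of trusting
# the key for every apt source.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker.
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Add the invoking user to the docker group.
# Membership in this group is equivalent to root on the host (the daemon runs as
# root and will mount any path into a container), so keep it to the deploy account.
# ${USER:?} aborts instead of calling usermod with an empty user name.
sudo usermod -aG docker "${USER:?USER is not set}"

# Start Docker now and on every boot.
sudo systemctl enable docker
sudo systemctl start docker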
# Step 5: install Nginx, register it for boot and start it right away.
printf '%b\n' "${BLUE}5. Установка Nginx${NC}"
printf '%s\n' "------------------"
sudo apt install -y nginx
for nginx_action in enable start; do
  sudo systemctl "$nginx_action" nginx
done

# Step 6: Certbot with its Nginx plugin. Only the packages are installed here;
# no certificate is requested in this step.
printf '%b\n' "${BLUE}6. Установка Certbot${NC}"
printf '%s\n' "-------------------"
sudo apt install -y certbot python3-certbot-nginx
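echo -e "${BLUE}7. Создание директорий для проекта${NC}"
echo "-----------------------------------"
# Step 7: project directory, owned by the invoking user so that git and the
# later make targets run without sudo.
sudo mkdir -p /opt/links
sudo chown "$USER:$USER" /opt/links

echo -e "${BLUE}8. Клонирование репозитория${NC}"
echo "-----------------------------"
# Step 8: fetch or update the checkout.
# /opt/links always exists at this point (created in step 7), so testing for the
# directory never selected the clone branch and a first run ended in `git pull`
# inside an empty, non-git directory. Test for the repository metadata instead
# and clone straight into the prepared directory.
# NOTE(review): this tracks the tip of the default branch; pin a tag or commit
# if the production host should only run reviewed revisions.
if [ ! -d /opt/links/.git ]; then
  git clone https://github.com/smartsoltech/links.git /opt/links
  cd /opt/links
else
  cd /opt/links
  git pull
fi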
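echo -e "${BLUE}9. Настройка swap (если нужно)${NC}"
echo "------------------------------"
# Step 9: create a 2 GB swap file when the host has no swap at all.
# SwapTotal is read from /proc/meminfo (in kB) rather than parsed from `free`,
# whose output was expanded unquoted inside `[ ... ]`. If the value cannot be
# read, the default of 1 skips swap creation, as the old test did on a parse failure.
swap_total_kb=$(awk '/^SwapTotal:/ {print $2}' /proc/meminfo)
if [ "${swap_total_kb:-1}" -eq 0 ]; then
  echo "Создание swap файла 2GB..."
  sudo fallocate -l 2G /swapfile
  # Swap holds pages of process memory, so the file must be readable by root only.
  sudo chmod 600 /swapfile
  sudo mkswap /swapfile
  sudo swapon /swapfile

  # Persist across reboots; append only when the entry is missing so that a
  # re-run does not add duplicate fstab lines.
  if ! grep -q '^/swapfile[[:space:]]' /etc/fstab; then
    echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
  fi
  if ! grep -q '^vm\.swappiness' /etc/sysctl.conf; then
    echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.conf
  fi
fi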
# Step 10: logrotate policy for the container log files under /var/lib/docker.
# The quoted heredoc delimiter keeps the policy text literal (no shell expansion).
# NOTE(review): Docker's own log-driver size limits are an alternative to
# rotating these files from outside; confirm which one this deployment relies on.
printf '%b\n' "${BLUE}10. Настройка логирования${NC}"
printf '%s\n' "----------------------------"
docker_logrotate_conf=/etc/logrotate.d/docker
sudo tee "$docker_logrotate_conf" > /dev/null << 'EOF'
/var/lib/docker/containers/*/*.log {
rotate 7
daily
compress
size=1M
missingok
delaycompress
copytruncate
}
EOF
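echo -e "${BLUE}11. Оптимизация производительности${NC}"
echo "------------------------------------"
# Step 11: kernel tuning for a web server.
# The settings are appended only when their marker comment is not yet present,
# so re-running the script no longer piles duplicate blocks into /etc/sysctl.conf.
# tcp_syncookies = 1 is the SYN-flood protection in this set; the remaining keys
# size connection queues, timeouts and the local port range.
# NOTE(review): fs.file-max = 65535 may be lower than the kernel default on
# current distributions; compare with `sysctl fs.file-max` first so this line
# does not reduce the system-wide limit.
if ! sudo grep -qF '# Network optimizations' /etc/sysctl.conf; then
  sudo tee -a /etc/sysctl.conf > /dev/null << 'EOF'

# Network optimizations
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65535

# File system optimizations
fs.file-max = 65535
EOF
fi

# Load /etc/sysctl.conf into the running kernel.
sudo sysctl -p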
# Final summary: the next manual steps and the versions of the installed tools.
printf '%b\n' "${GREEN}✅ Сервер готов для развертывания CatLink!${NC}"
printf '\n'
printf '%b\n' "${YELLOW}📝 Следующие шаги:${NC}"
printf '%s\n' "1. Выйдите и войдите заново (для применения docker group)"
printf '%s\n' "2. Настройте DNS записи для вашего домена"
printf '%s\n' "3. Запустите: cd /opt/links && make fix-production"
printf '%s\n' "4. Получите SSL сертификат: make ssl-cert"
printf '\n'

# Version probes; nginx and certbot may print their version on stderr, hence 2>&1.
printf '%b\n' "${BLUE}🔍 Проверка установки:${NC}"
printf '%s\n' "- Docker: $(docker --version)"
printf '%s\n' "- Docker Compose: $(docker compose version)"
printf '%s\n' "- Nginx: $(nginx -v 2>&1)"
printf '%s\n' "- Certbot: $(certbot --version 2>&1 | head -1)"
printf '\n'
printf '%b\n' "${GREEN}🎉 Сервер готов!${NC}"