trevor/smartsoltech_site
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e57b25843e25faa69d2c7d65749064e6d7ea9d57
smartsoltech_site/scripts/setup-ssl.sh
Andrew K. Choi d9adac609b chore: reorganize project structure and prepare for deployment 
- Organize files into logical directories (docs/, scripts/, tests/)
- Add comprehensive documentation (README, CONTRIBUTING, CHANGELOG)
- Create deployment automation scripts
- Add Docker production configuration
- Update .gitignore and add .dockerignore
- Remove temporary and test files from root
- Improve settings.py with DEBUG from env variable

Added:
- README.md with project overview
- CONTRIBUTING.md for contributors
- CHANGELOG.md for version tracking
- PROJECT_STATUS.md with current state
- docker-compose.prod.yml for production
- nginx.conf for production web server
- scripts/deploy.sh for automated deployment
- scripts/check-config.sh for configuration validation
- scripts/setup-ssl.sh for SSL certificate setup
- docs/DEPLOYMENT.md with detailed deployment guide
- docs/ENV_VARIABLES.md with all environment variables

Moved:
- Documentation to docs/
- Scripts to scripts/
- Test files to tests/

Removed:
- .history/ directory
- Test response JSON files from root
- settings_production.py (merged into settings.py)

This commit prepares the project for:
- Production deployment
- Team collaboration
- Docker containerization
- Proper documentation
2025-11-24 07:12:04 +09:00

132 lines
3.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# SSL Setup script using Let's Encrypt for SmartSolTech
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: ./setup-ssl.sh <domain> <email>"
echo "Example: ./setup-ssl.sh smartsoltech.kr admin@smartsoltech.kr"
exit 1
fi
DOMAIN=$1
EMAIL=$2
echo "🔒 Setting up SSL for $DOMAIN..."
# Create directories
mkdir -p certbot/conf
mkdir -p certbot/www
# Stop nginx if running
docker-compose -f docker-compose.prod.yml stop nginx 2>/dev/null || true
# Get certificate
echo "📝 Requesting SSL certificate..."
docker-compose -f docker-compose.prod.yml run --rm certbot certonly \
--webroot \
--webroot-path=/var/www/certbot \
--email $EMAIL \
--agree-tos \
--no-eff-email \
--force-renewal \
-d $DOMAIN \
-d www.$DOMAIN
if [ $? -eq 0 ]; then
echo "✅ SSL certificate obtained successfully!"
# Update nginx configuration for HTTPS
cat > nginx-ssl.conf << 'EOF'
upstream django_app {
server web:8000;
}
# HTTP redirect to HTTPS
server {
listen 80;
server_name DOMAIN_PLACEHOLDER www.DOMAIN_PLACEHOLDER;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# HTTPS server
server {
listen 443 ssl http2;
server_name DOMAIN_PLACEHOLDER www.DOMAIN_PLACEHOLDER;
ssl_certificate /etc/letsencrypt/live/DOMAIN_PLACEHOLDER/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN_PLACEHOLDER/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
client_max_body_size 20M;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
proxy_pass http://django_app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
}
location /static/ {
alias /app/smartsoltech/staticfiles/;
expires 30d;
add_header Cache-Control "public, immutable";
}
location /media/ {
alias /app/smartsoltech/media/;
expires 30d;
add_header Cache-Control "public, immutable";
}
# Deny access to sensitive files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}
EOF
# Replace domain placeholder
sed -i "s/DOMAIN_PLACEHOLDER/$DOMAIN/g" nginx-ssl.conf
echo ""
echo "📋 SSL certificate installed!"
echo ""
echo "Next steps:"
echo "1. Replace nginx.conf with nginx-ssl.conf:"
echo " mv nginx-ssl.conf nginx.conf"
echo ""
echo "2. Update .env file with your domain:"
echo " ALLOWED_HOSTS=localhost,127.0.0.1,$DOMAIN,www.$DOMAIN"
echo " CSRF_TRUSTED_ORIGINS=https://$DOMAIN,https://www.$DOMAIN"
echo ""
echo "3. Restart services:"
echo " docker-compose -f docker-compose.prod.yml restart"
else
echo "❌ Failed to obtain SSL certificate"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink