d-bis/Sankofa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Sankofa/scripts/configure-nginx-proxy.sh
defiQUG 9daf1fd378 Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements 
- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements
2025-12-12 18:01:35 -08:00

171 lines
4.5 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# configure-nginx-proxy.sh
# Configuration script for Nginx Proxy VM
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
# Colors
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m'
log() {
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $*"
}
log_success() {
echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')] ✅${NC} $*"
}
log_warning() {
echo -e "${YELLOW}[$(date +'%Y-%m-%d %H:%M:%S')] ⚠️${NC} $*"
}
log_error() {
echo -e "${RED}[$(date +'%Y-%m-%d %H:%M:%S')] ❌${NC} $*"
}
# Get VM IP address
get_vm_ip() {
local vm_name=$1
local ip
ip=$(kubectl get proxmoxvm "${vm_name}" -n default -o jsonpath='{.status.ipAddress}' 2>/dev/null || echo "")
if [ -z "${ip}" ] || [ "${ip}" = "<none>" ]; then
log_warning "VM IP not yet assigned. Waiting..."
return 1
fi
echo "${ip}"
}
# Wait for VM to be ready
wait_for_vm() {
local vm_name=$1
local max_attempts=30
local attempt=0
log "Waiting for ${vm_name} to be ready..."
while [ ${attempt} -lt ${max_attempts} ]; do
local ip
ip=$(get_vm_ip "${vm_name}" 2>/dev/null || echo "")
if [ -n "${ip}" ] && [ "${ip}" != "<none>" ]; then
log_success "${vm_name} is ready at ${ip}"
echo "${ip}"
return 0
fi
attempt=$((attempt + 1))
sleep 10
done
log_error "${vm_name} did not become ready in time"
return 1
}
# Generate Nginx configuration
generate_nginx_config() {
local config_file=$1
local domain=$2
local backend_ip=$3
local backend_port=${4:-80}
cat > "${config_file}" <<EOF
server {
listen 80;
listen [::]:80;
server_name ${domain};
# Redirect HTTP to HTTPS
return 301 https://\$server_name\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domain};
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Logging
access_log /var/log/nginx/${domain}-access.log;
error_log /var/log/nginx/${domain}-error.log;
# Proxy Settings
location / {
proxy_pass http://${backend_ip}:${backend_port};
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_cache_bypass \$http_upgrade;
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
}
}
EOF
}
main() {
log "=========================================="
log "Nginx Proxy Configuration Script"
log "=========================================="
log ""
# Check if VM exists
if ! kubectl get proxmoxvm nginx-proxy-vm -n default &>/dev/null; then
log_error "nginx-proxy-vm not found. Please deploy it first."
exit 1
fi
# Wait for VM to be ready
local vm_ip
vm_ip=$(wait_for_vm "nginx-proxy-vm")
if [ -z "${vm_ip}" ]; then
log_error "Failed to get VM IP address"
exit 1
fi
log_success "Nginx Proxy VM is ready at ${vm_ip}"
log ""
log "Next steps:"
log "1. SSH into the VM: ssh admin@${vm_ip}"
log "2. Install SSL certificates using certbot:"
log " sudo certbot --nginx -d your-domain.com"
log "3. Configure backend services in /etc/nginx/sites-available/"
log "4. Test configuration: sudo nginx -t"
log "5. Reload nginx: sudo systemctl reload nginx"
log ""
log "Example Nginx configuration files are available in:"
log " ${PROJECT_ROOT}/docs/configs/nginx/"
log ""
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink