#!/bin/bash
#
# Check, test and fix the nginx configuration on VMID 5000 so that
# Blockscout is served through the nginx reverse proxy.
#
# The script installs packages, writes under /etc/nginx and restarts
# services, so it has to run with the privileges those steps need.

set -euo pipefail

# Target container and the Blockscout endpoint nginx forwards to.
readonly VMID=5000
readonly BLOCKSCOUT_PORT=4000
readonly DOMAIN="explorer.d-bis.org"
readonly VM_IP="192.168.11.140"

banner_rule="=========================================="
printf '%s\n' \
  "$banner_rule" \
  "Nginx Configuration Check for VMID 5000" \
  "$banner_rule" \
  ""

# Decide how later commands reach the container: directly when the script is
# already inside an LXC guest, otherwise through `pct exec` from the host.
# NOTE(review): the probe only looks for "lxc" in PID 1's cgroup file, so any
# LXC guest is reported as VMID 5000 - confirm the script is never started in
# a different container, where it would install and reconfigure nginx.
run_context="host"
if [[ -f "/proc/1/cgroup" ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
  run_context="container"
fi

case "$run_context" in
  container)
    EXEC_PREFIX=""
    echo "Running inside VMID 5000"
    ;;
  *)
    # Kept as a plain string: the steps below expand it unquoted so that it
    # word-splits into `pct`, `exec`, the VMID and `--`.
    EXEC_PREFIX="pct exec $VMID --"
    echo "Running from Proxmox host, executing in VMID 5000"
    ;;
esac

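# Step 1: make sure nginx is installed in the container.
echo "=== Step 1: Checking Nginx Installation ==="
# `command` is a shell builtin, so the lookup is wrapped in `sh -c`. With the
# `pct exec` prefix the bare form asks for a program called "command"; where
# no such executable exists the check fails and every host-side run falls
# into the install branch even though nginx is present.
if $EXEC_PREFIX sh -c 'command -v nginx' >/dev/null 2>&1; then
  echo "✅ Nginx is installed"
  # nginx prints its version on stderr, hence the 2>&1.
  nginx_version=$($EXEC_PREFIX nginx -v 2>&1 | head -n 1)
  echo " Version: $nginx_version"
else
  echo "❌ Nginx is not installed"
  echo "Installing nginx..."
  # Packages come from whatever APT sources the container is configured with.
  $EXEC_PREFIX apt-get update -qq
  $EXEC_PREFIX apt-get install -y nginx
  echo "✅ Nginx installed"
fi
echo ""
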
# Step 2: nginx has to be active; when it is not, start it and enable it so
# that it also comes up at boot.
printf '%s\n' "=== Step 2: Checking Nginx Service Status ==="
if ! $EXEC_PREFIX systemctl is-active --quiet nginx; then
  printf '%s\n' "⚠️ Nginx is not running, starting..."
  $EXEC_PREFIX systemctl start nginx
  $EXEC_PREFIX systemctl enable nginx
  printf '%s\n' "✅ Nginx started and enabled"
else
  printf '%s\n' "✅ Nginx is running"
fi
printf '\n'

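# Step 3: show the Blockscout site definition, or create it when it is missing.
echo "=== Step 3: Checking Blockscout Configuration ==="
CONFIG_FILE="/etc/nginx/sites-available/blockscout"
ENABLED_FILE="/etc/nginx/sites-enabled/blockscout"

if $EXEC_PREFIX test -f "$CONFIG_FILE"; then
  echo "✅ Configuration file exists: $CONFIG_FILE"
  echo ""
  echo "Current configuration:"
  # head opens the file itself; no pipeline is involved, so an early close
  # cannot surface as a failure under `set -o pipefail`.
  $EXEC_PREFIX head -n 30 "$CONFIG_FILE"
  echo ""
else
  echo "❌ Configuration file not found: $CONFIG_FILE"
  echo "Creating configuration..."

  # Choose the certificate pair here, in the shell. nginx does not allow
  # ssl_certificate inside an `if` block, so a fallback written into the
  # generated file makes `nginx -t` reject it.
  LE_LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"
  if $EXEC_PREFIX test -f "$LE_LIVE_DIR/fullchain.pem" \
    && $EXEC_PREFIX test -f "$LE_LIVE_DIR/privkey.pem"; then
    SSL_CERT="$LE_LIVE_DIR/fullchain.pem"
    SSL_KEY="$LE_LIVE_DIR/privkey.pem"
  else
    SSL_CERT="/etc/nginx/ssl/blockscout.crt"
    SSL_KEY="/etc/nginx/ssl/blockscout.key"
    echo "⚠️ Let's Encrypt certificate not found, using self-signed pair: $SSL_CERT"
    if ! $EXEC_PREFIX test -f "$SSL_CERT" || ! $EXEC_PREFIX test -f "$SSL_KEY"; then
      echo "⚠️ Self-signed pair is missing too; nginx -t will fail until a certificate is installed"
    fi
  fi

  # The outer here-document is unquoted: the shell variables are filled in on
  # this side, while every nginx variable is written as \$name so that it
  # reaches the file as a literal $name. The inner 'EOF' is quoted so the
  # shell in the container copies the text unchanged.
  $EXEC_PREFIX bash << NGINX_CONFIG
cat > "$CONFIG_FILE" << 'EOF'
# HTTP server - redirect to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name $DOMAIN $VM_IP;

    # Redirect all HTTP to HTTPS
    return 301 https://\$server_name\$request_uri;
}

# HTTPS server - Blockscout Explorer
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name $DOMAIN $VM_IP;

    # Certificate pair chosen when this file was generated
    ssl_certificate $SSL_CERT;
    ssl_certificate_key $SSL_KEY;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers (inherited by every location that declares no
    # add_header of its own)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Blockscout Explorer endpoint
    location / {
        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_buffering off;
        proxy_request_buffering off;
        # Connection is set once, from the WebSocket upgrade map below
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$connection_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    # API endpoint (for Blockscout API)
    location /api/ {
        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    # Health check endpoint
    # No add_header in this location: one here would stop the server-level
    # security headers from being inherited, and it would be sent in
    # addition to the Content-Type passed through from the upstream.
    location /health {
        access_log off;
        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT/api/v2/status;
        proxy_set_header Host \$host;
    }
}

# WebSocket upgrade mapping
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    '' close;
}
EOF
echo "✅ Configuration file created"
NGINX_CONFIG
fi
echo ""
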
# Step 4: link the site into sites-enabled unless a symlink is already there.
printf '%s\n' "=== Step 4: Enabling Blockscout Site ==="
if ! $EXEC_PREFIX test -L "$ENABLED_FILE"; then
  printf '%s\n' "Enabling site..."
  $EXEC_PREFIX ln -sf "$CONFIG_FILE" "$ENABLED_FILE"
  # Drop the default site when present; a failure here is ignored on purpose.
  $EXEC_PREFIX rm -f /etc/nginx/sites-enabled/default 2>/dev/null || true
  printf '%s\n' "✅ Site enabled"
else
  printf '%s\n' "✅ Site is already enabled"
fi
printf '\n'

# Step 5: let nginx validate its configuration. The outcome is stored in
# CONFIG_VALID, which Step 7 reads before it restarts the service.
printf '%s\n' "=== Step 5: Testing Nginx Configuration ==="
CONFIG_VALID=false
if $EXEC_PREFIX nginx -t; then
  CONFIG_VALID=true
fi

case "$CONFIG_VALID" in
  true) printf '%s\n' "✅ Nginx configuration is valid" ;;
  *) printf '%s\n' "❌ Nginx configuration has errors" ;;
esac
printf '\n'

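# Step 6: check that a Blockscout container is up and that its API answers.
echo "=== Step 6: Checking Blockscout Service ==="
# A single awk pass looks for a `docker ps` line that mentions blockscout but
# not postgres. Chaining `grep -q` into a second grep cannot work: -q prints
# nothing, so the second grep never matches and, with pipefail, the check
# reports "not running" every time.
if $EXEC_PREFIX docker ps \
  | awk '/blockscout/ && !/postgres/ { found = 1 } END { exit !found }'; then
  echo "✅ Blockscout container is running"
  BLOCKSCOUT_RUNNING=true
else
  echo "⚠️ Blockscout container is not running"
  BLOCKSCOUT_RUNNING=false
fi

# Check if Blockscout is responding on its loopback port, bypassing nginx.
if $EXEC_PREFIX curl -s -f "http://127.0.0.1:$BLOCKSCOUT_PORT/api/v2/stats" >/dev/null 2>&1; then
  echo "✅ Blockscout API is responding on port $BLOCKSCOUT_PORT"
else
  echo "⚠️ Blockscout API is not responding on port $BLOCKSCOUT_PORT"
fi
echo ""
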
# Step 7: restart nginx, but only with a configuration that passed `nginx -t`.
if [[ "$CONFIG_VALID" != true ]]; then
  echo "⚠️ Skipping nginx restart due to configuration errors"
  echo "Please fix the configuration errors above"
  exit 1
fi

echo "=== Step 7: Restarting Nginx ==="
if ! $EXEC_PREFIX systemctl restart nginx; then
  echo "❌ Failed to restart nginx"
  exit 1
fi
echo "✅ Nginx restarted successfully"
echo ""

# Give the service a moment before asking systemd for its state.
sleep 2

if ! $EXEC_PREFIX systemctl is-active --quiet nginx; then
  echo "❌ Nginx failed to start"
  exit 1
fi
echo "✅ Nginx is running after restart"
echo ""

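# Step 8: probe the proxy from inside the container.
echo "=== Step 8: Testing Nginx Proxy ==="

#######################################
# Print the HTTP status code curl reports, or 000 when none was obtained.
# curl's -w output is already 000 after a failed transfer, so the fallback is
# applied only to an empty result; echoing another "000" after a failure
# would produce a doubled value.
# Globals:   EXEC_PREFIX (read)
# Arguments: curl arguments, ending with the URL
# Outputs:   the status code on stdout
#######################################
probe_http_status() {
  local code
  code=$($EXEC_PREFIX curl -s -o /dev/null -w "%{http_code}" "$@" 2>/dev/null) || true
  printf '%s\n' "${code:-000}"
}

echo "Testing HTTP redirect..."
HTTP_STATUS=$(probe_http_status http://localhost/)
if [ "$HTTP_STATUS" = "301" ] || [ "$HTTP_STATUS" = "302" ]; then
  echo "✅ HTTP redirect working (status: $HTTP_STATUS)"
else
  echo "⚠️ HTTP redirect may not be working (status: $HTTP_STATUS)"
fi

echo "Testing HTTPS proxy (if SSL available)..."
# -k: the request goes to localhost, a name the certificate does not carry,
# and the certificate may be self-signed. The probe shows that the listener
# answers; it says nothing about whether clients will trust the certificate.
HTTPS_STATUS=$(probe_http_status -k https://localhost/)
if [ "$HTTPS_STATUS" = "200" ] || [ "$HTTPS_STATUS" = "301" ] || [ "$HTTPS_STATUS" = "302" ]; then
  echo "✅ HTTPS proxy working (status: $HTTPS_STATUS)"
else
  echo "⚠️ HTTPS may not be configured (status: $HTTPS_STATUS)"
  echo " This is normal if SSL certificates are not set up yet"
fi

echo "Testing API endpoint..."
API_STATUS=$(probe_http_status http://localhost/api/v2/stats)
# The port-80 server this script generates answers every request with a
# redirect, so plain HTTP can never return 200 there; on a redirect the API
# is probed over HTTPS instead.
if [ "$API_STATUS" = "301" ] || [ "$API_STATUS" = "302" ]; then
  API_STATUS=$(probe_http_status -k https://localhost/api/v2/stats)
fi
if [ "$API_STATUS" = "200" ]; then
  echo "✅ API endpoint working (status: $API_STATUS)"
else
  echo "⚠️ API endpoint may not be working (status: $API_STATUS)"
fi
echo ""
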
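# Step 9: Summary
# Each state is worked out with a quiet check first, so only the label is
# printed; `systemctl is-active` without --quiet also writes the unit state
# into the summary line.
if $EXEC_PREFIX systemctl is-active --quiet nginx; then
  nginx_state='Running'
else
  nginx_state='Not Running'
fi

if $EXEC_PREFIX test -L "$ENABLED_FILE"; then
  site_state='Yes'
else
  site_state='No'
fi

# One awk pass over `docker ps`: a line naming blockscout but not postgres.
# A `grep -q` feeding a second grep always ends up as "No", because -q
# prints nothing for the second grep to match.
if $EXEC_PREFIX docker ps \
  | awk '/blockscout/ && !/postgres/ { found = 1 } END { exit !found }'; then
  blockscout_state='Yes'
else
  blockscout_state='No'
fi

echo "=========================================="
echo "Summary"
echo "=========================================="
echo "Nginx Status: $nginx_state"
echo "Configuration: $CONFIG_FILE"
echo "Site Enabled: $site_state"
echo "Blockscout Running: $blockscout_state"
echo ""
echo "To view nginx logs:"
echo " pct exec $VMID -- tail -f /var/log/nginx/access.log"
echo " pct exec $VMID -- tail -f /var/log/nginx/error.log"
echo ""
echo "To test from outside:"
# The suggested commands use -k, which skips certificate verification. That
# suits a self-signed certificate or a request by IP address; once a trusted
# certificate is installed, run the domain check without -k so certificate
# problems are reported.
echo " curl -k https://$DOMAIN/api/v2/stats"
echo " curl -k https://$VM_IP/api/v2/stats"
echo ""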