explorer-monorepo/scripts/nginx-check-vmid5000-direct.sh


#!/bin/bash
# Script to check, test, and fix nginx configuration on VMID 5000
# Run this script directly inside VMID 5000
# Abort on any unhandled failure, unset variable, or failed pipeline stage.
set -euo pipefail

# Deployment parameters used by the checks below.
BLOCKSCOUT_PORT=4000          # local port the Blockscout backend is probed on
DOMAIN="explorer.d-bis.org"   # public host name printed in the external test hints
VM_IP="192.168.11.140"        # address printed in the external test hints

# Banner
printf '%s\n' \
  "==========================================" \
  "Nginx Configuration Check for VMID 5000" \
  "==========================================" \
  ""
# Step 1: make sure the nginx binary is on PATH; install it with apt-get when
# it is not. Installing needs root and network access to the package mirror.
printf '%s\n' "=== Step 1: Checking Nginx Installation ==="
if ! command -v nginx >/dev/null 2>&1; then
  printf '%s\n' "❌ Nginx is not installed" "Installing nginx..."
  apt-get update -qq
  apt-get install -y nginx
  printf '%s\n' "✅ Nginx installed"
else
  printf '%s\n' "✅ Nginx is installed"
  # nginx -v reports on stderr, so fold it into stdout and keep the first line.
  nginx -v 2>&1 | head -1
fi
printf '\n'
# Step 2: confirm the nginx unit is active; otherwise start it and enable it
# so it also comes up on boot.
printf '%s\n' "=== Step 2: Checking Nginx Service Status ==="
if ! systemctl is-active --quiet nginx; then
  printf '%s\n' "⚠️ Nginx is not running, starting..."
  systemctl start nginx
  systemctl enable nginx
  printf '%s\n' "✅ Nginx started and enabled"
else
  printf '%s\n' "✅ Nginx is running"
fi
printf '\n'
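# Step 3: Check if the Blockscout site config exists; create it when missing.
# An existing file is only displayed (first 30 lines), never rewritten.
echo "=== Step 3: Checking Blockscout Configuration ==="
CONFIG_FILE="/etc/nginx/sites-available/blockscout"
ENABLED_FILE="/etc/nginx/sites-enabled/blockscout"
if [ -f "$CONFIG_FILE" ]; then
  echo "✅ Configuration file exists: $CONFIG_FILE"
  echo ""
  echo "Current configuration:"
  head -30 "$CONFIG_FILE"
  echo ""
else
  echo "❌ Configuration file not found: $CONFIG_FILE"
  echo "Creating configuration..."
  # Create SSL directory if it doesn't exist
  mkdir -p /etc/nginx/ssl

  # Choose the certificate pair here, in the shell. nginx does not accept
  # ssl_certificate inside an `if` block, so a run-time fallback written into
  # the config would make `nginx -t` reject the whole file.
  LE_CERT="/etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem"
  LE_KEY="/etc/letsencrypt/live/explorer.d-bis.org/privkey.pem"
  SELF_CERT="/etc/nginx/ssl/blockscout.crt"
  SELF_KEY="/etc/nginx/ssl/blockscout.key"
  if [ -f "$LE_CERT" ] && [ -f "$LE_KEY" ]; then
    SSL_CERT="$LE_CERT"
    SSL_KEY="$LE_KEY"
    echo "Using Let's Encrypt certificate: $SSL_CERT"
  else
    SSL_CERT="$SELF_CERT"
    SSL_KEY="$SELF_KEY"
    if [ ! -f "$SELF_CERT" ] || [ ! -f "$SELF_KEY" ]; then
      if command -v openssl >/dev/null 2>&1; then
        echo "Generating self-signed fallback certificate: $SELF_CERT"
        # Restrictive umask in a subshell so the private key is never
        # world-readable, not even briefly while it is being written.
        (
          umask 077
          openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=explorer.d-bis.org" \
            -keyout "$SELF_KEY" -out "$SELF_CERT"
        )
        chmod 600 "$SELF_KEY"
      else
        echo "⚠️ No certificate found and openssl is not available;"
        echo "   nginx -t will fail until $SELF_CERT and $SELF_KEY exist"
      fi
    fi
  fi

  # Create nginx configuration. The heredocs are quoted so nginx variables
  # ($host, $server_name, ...) are written literally; only the two
  # certificate paths are filled in from the shell.
  {
    cat <<'EOF'
# HTTP server - redirect to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name explorer.d-bis.org 192.168.11.140;

    # Redirect all HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

# HTTPS server - Blockscout Explorer
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name explorer.d-bis.org 192.168.11.140;

    # SSL configuration (certificate pair selected when this file was generated)
EOF
    printf '    ssl_certificate %s;\n' "$SSL_CERT"
    printf '    ssl_certificate_key %s;\n' "$SSL_KEY"
    cat <<'EOF'

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Legacy header; current browsers no longer act on it.
    add_header X-XSS-Protection "1; mode=block" always;

    # Blockscout Explorer endpoint
    location / {
        proxy_pass http://127.0.0.1:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
        # WebSocket upgrade: Connection comes from the map at the end of this
        # file. It is set once only; an additional `Connection ""` line in this
        # location would contradict the mapping.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    # API endpoint (for Blockscout API)
    location /api/ {
        proxy_pass http://127.0.0.1:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    # Health check endpoint
    location /health {
        access_log off;
        proxy_pass http://127.0.0.1:4000/api/v2/status;
        proxy_set_header Host $host;
        # A location that declares its own add_header stops inheriting the
        # server-level ones, so the security headers are repeated here.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Content-Type application/json;
    }
}

# WebSocket upgrade mapping
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
EOF
  } > "$CONFIG_FILE"
  echo "✅ Configuration file created"
fi
echo ""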
# Step 4: link the site into sites-enabled unless a symlink is already there.
# NOTE(review): -L only tests that the path is a symlink; it does not confirm
# the link still points at $CONFIG_FILE. Verify by hand if the site was
# enabled by some other tool.
printf '%s\n' "=== Step 4: Enabling Blockscout Site ==="
if [[ ! -L "$ENABLED_FILE" ]]; then
  printf '%s\n' "Enabling site..."
  ln -sf "$CONFIG_FILE" "$ENABLED_FILE"
  # Drop the distribution's default site if present; a failure here is
  # deliberately ignored.
  rm -f /etc/nginx/sites-enabled/default 2>/dev/null || true
  printf '%s\n' "✅ Site enabled"
else
  printf '%s\n' "✅ Site is already enabled"
fi
printf '\n'
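# Step 5: Test nginx configuration
# Sets CONFIG_VALID for the restart step and stops the script when the
# configuration is rejected, so a broken config is never restarted into.
echo "=== Step 5: Testing Nginx Configuration ==="
# Run the syntax check once and keep its output (nginx -t reports on stderr),
# so the diagnostics shown are the ones from the run that decided the result.
if NGINX_TEST_OUTPUT=$(nginx -t 2>&1); then
  printf '%s\n' "$NGINX_TEST_OUTPUT"
  echo "✅ Nginx configuration is valid"
  CONFIG_VALID=true
else
  echo "❌ Nginx configuration has errors"
  CONFIG_VALID=false
  echo ""
  echo "Configuration errors:"
  printf '%s\n' "$NGINX_TEST_OUTPUT"
  exit 1
fi
echo ""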
# Step 6: report whether a Blockscout container is listed by docker and
# whether the backend answers on its local port. Both results are
# informational; neither stops the script.
printf '%s\n' "=== Step 6: Checking Blockscout Service ==="
BLOCKSCOUT_RUNNING=false
# Any `docker ps` line mentioning blockscout counts, except lines that also
# mention postgres. The last grep reads its whole input (no -q), so earlier
# stages are not cut short while pipefail is active.
if docker ps | grep blockscout | grep -v postgres >/dev/null; then
  BLOCKSCOUT_RUNNING=true
  printf '%s\n' "✅ Blockscout container is running"
else
  printf '%s\n' "⚠️ Blockscout container is not running"
fi

# Probe the backend directly on loopback, bypassing nginx.
STATS_URL="http://127.0.0.1:${BLOCKSCOUT_PORT}/api/v2/stats"
if ! curl -s -f "$STATS_URL" >/dev/null 2>&1; then
  printf '%s\n' "⚠️ Blockscout API is not responding on port $BLOCKSCOUT_PORT"
else
  printf '%s\n' "✅ Blockscout API is responding on port $BLOCKSCOUT_PORT"
fi
printf '\n'
# Step 7: restart nginx, but only when the configuration test marked the
# configuration as valid (CONFIG_VALID=true).
if [ "$CONFIG_VALID" != true ]; then
  echo "⚠️ Skipping nginx restart due to configuration errors"
  exit 1
fi

echo "=== Step 7: Restarting Nginx ==="
if ! systemctl restart nginx; then
  echo "❌ Failed to restart nginx"
  exit 1
fi
echo "✅ Nginx restarted successfully"
echo ""

# Give the service a moment to settle before asking for its state.
sleep 2

# A restart that returned success can still leave the unit inactive; confirm
# it and dump the unit status when it is not running.
if ! systemctl is-active --quiet nginx; then
  echo "❌ Nginx failed to start"
  systemctl status nginx --no-pager -l || true
  exit 1
fi
echo "✅ Nginx is running after restart"
echo ""
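# Step 8: Test the proxy
# Every probe targets localhost, so results describe this host's nginx only.
echo "=== Step 8: Testing Nginx Proxy ==="

# Print the HTTP status code curl saw for the given curl arguments, or "000"
# when there was no response.
# curl already writes "000" through -w when the request fails, so its failure
# is only swallowed here; appending another "000" would yield "000000".
# --max-time keeps a hung listener from stalling the script.
probe_status() {
  local code
  code=$(curl -s -o /dev/null --max-time 10 -w "%{http_code}" "$@" 2>/dev/null) || true
  echo "${code:-000}"
}

echo "Testing HTTP redirect..."
HTTP_STATUS=$(probe_status http://localhost/)
if [ "$HTTP_STATUS" = "301" ] || [ "$HTTP_STATUS" = "302" ]; then
  echo "✅ HTTP redirect working (status: $HTTP_STATUS)"
else
  echo "⚠️ HTTP redirect may not be working (status: $HTTP_STATUS)"
fi

echo "Testing HTTPS proxy (if SSL available)..."
# -k skips certificate verification. It is used here only because the request
# goes to localhost, a name the served certificate is not expected to cover.
HTTPS_STATUS=$(probe_status -k https://localhost/)
if [ "$HTTPS_STATUS" = "200" ] || [ "$HTTPS_STATUS" = "301" ] || [ "$HTTPS_STATUS" = "302" ]; then
  echo "✅ HTTPS proxy working (status: $HTTPS_STATUS)"
else
  echo "⚠️ HTTPS may not be configured (status: $HTTPS_STATUS)"
  echo " This is normal if SSL certificates are not set up yet"
fi

echo "Testing API endpoint..."
API_STATUS=$(probe_status http://localhost/api/v2/stats)
# When port 80 redirects everything to HTTPS, the plain-HTTP probe can only
# ever see the redirect, so repeat it over HTTPS before judging the API.
if [ "$API_STATUS" = "301" ] || [ "$API_STATUS" = "302" ]; then
  API_STATUS=$(probe_status -k https://localhost/api/v2/stats)
fi
if [ "$API_STATUS" = "200" ]; then
  echo "✅ API endpoint working (status: $API_STATUS)"
else
  echo "⚠️ API endpoint may not be working (status: $API_STATUS)"
fi
echo ""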
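# Step 9: Summary
echo "=========================================="
echo "Summary"
echo "=========================================="

# --quiet keeps systemctl's own "active"/"inactive" word out of the summary
# line; only the exit status is used.
if systemctl is-active --quiet nginx; then
  NGINX_STATE="Running"
else
  NGINX_STATE="Not Running"
fi

if [ -L "$ENABLED_FILE" ]; then
  SITE_STATE="Yes"
else
  SITE_STATE="No"
fi

# Same container match as the service check: any `docker ps` line mentioning
# blockscout except lines that also mention postgres.
if docker ps | grep blockscout | grep -v postgres >/dev/null; then
  BLOCKSCOUT_STATE="Yes"
else
  BLOCKSCOUT_STATE="No"
fi

echo "Nginx Status: $NGINX_STATE"
echo "Configuration: $CONFIG_FILE"
echo "Site Enabled: $SITE_STATE"
echo "Blockscout Running: $BLOCKSCOUT_STATE"
echo ""
echo "To view nginx logs:"
echo " tail -f /var/log/nginx/access.log"
echo " tail -f /var/log/nginx/error.log"
echo ""
# -k disables certificate verification. The host-name check is printed without
# it so an expired, mismatched or self-signed certificate shows up as a
# failure; the bare-IP check keeps -k because a certificate issued for the
# host name will not validate for the IP.
echo "To test from outside:"
echo " curl https://$DOMAIN/api/v2/stats"
echo " curl -k https://$VM_IP/api/v2/stats"
echo " (add -k to the first command only while a self-signed certificate is in use)"
echo ""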