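#!/usr/bin/env bash
# Install HAProxy in LXC 10210 (order-haproxy) and proxy :80 → Sankofa/Order portal (Next.js).
# Requires SSH to Proxmox host that runs CT 10210 (default: r630-01). See config/ip-addresses.conf.
# Usage: ./scripts/deployment/provision-order-haproxy-10210.sh [--dry-run]
#
# One-time repair (unprivileged CT with host uid 0 on disk → "nobody" inside, apt broken): on Proxmox host,
#   pct stop 10210 && pct mount 10210 && chown -R 100000:100000 /var/lib/lxc/10210/rootfs && pct unmount 10210 && pct start 10210
# (Default Proxmox idmap: container root = 100000 on host.)
# Caveat: the recursive chown makes *every* file owned by container root. Files
# that must belong to another in-container user need their ownership restored
# afterwards, and chown may clear setuid/setgid bits on executables.
#
# Security notes:
#   - Commands run over SSH as ${PROXMOX_SSH_USER:-root} on the hypervisor and
#     are interpolated into a remote shell string, so VMID and the host/port
#     values are validated before use.
#   - The new HAProxy config is validated in a side file before it replaces
#     the live /etc/haproxy/haproxy.cfg.
#   - The proxied hop is plain HTTP (see the "Backend: http://..." banner).

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# shellcheck source=/dev/null
source "$PROJECT_ROOT/config/ip-addresses.conf"

# Print an error to stderr and abort.
die() {
  printf '❌ %s\n' "$*" >&2
  exit 1
}

# Abort unless value ($2) matches the ERE in $3; $1 is the name used in the error.
require_match() {
  local name=$1 value=$2 pattern=$3
  [[ "$value" =~ $pattern ]] || die "Invalid $name: '$value'"
}

DRY_RUN=false
for a in "$@"; do
  if [[ "$a" == "--dry-run" ]]; then
    DRY_RUN=true
  fi
done

PROXMOX="${PROXMOX_ORDER_HAPROXY_NODE:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
VMID="${ORDER_HAPROXY_VMID:-10210}"
BACKEND_HOST="${ORDER_HAPROXY_BACKEND_HOST:-${IP_SANKOFA_PORTAL:-192.168.11.51}}"
BACKEND_PORT="${ORDER_HAPROXY_BACKEND_PORT:-${SANKOFA_PORTAL_PORT:-3000}}"

# These values come from the environment / config file and end up inside a sed
# replacement and a root shell command line on the Proxmox host. Restrict them
# to characters that cannot terminate the sed expression (/, &, \) or inject
# shell syntax (whitespace, quotes, ;, $, ...).
readonly HOST_RE='^[][A-Za-z0-9._:-]+$'
require_match "Proxmox host" "$PROXMOX" "$HOST_RE"
require_match "backend host" "$BACKEND_HOST" "$HOST_RE"
require_match "VMID" "$VMID" '^[0-9]+$'
require_match "backend port" "$BACKEND_PORT" '^[0-9]{1,5}$'
# 10# forces base 10 so a value such as "08" is not parsed as invalid octal.
(( 10#$BACKEND_PORT >= 1 && 10#$BACKEND_PORT <= 65535 )) \
  || die "Backend port out of range (1-65535): '$BACKEND_PORT'"

TEMPLATE="$PROJECT_ROOT/config/haproxy/order-haproxy-10210.cfg.template"
if [[ ! -r "$TEMPLATE" ]]; then
  die "Missing template: $TEMPLATE"
fi

# Safe to interpolate: both values were validated above.
CFG=$(sed -e "s/__BACKEND_HOST__/${BACKEND_HOST}/g" -e "s/__BACKEND_PORT__/${BACKEND_PORT}/g" "$TEMPLATE")

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Provision order-haproxy (CT $VMID on $PROXMOX)"
echo " Backend: http://${BACKEND_HOST}:${BACKEND_PORT}"
echo " Dry-run: $DRY_RUN"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

if [[ "$DRY_RUN" == true ]]; then
  printf '%s\n' "$CFG"
  exit 0
fi

# Run a command string on the Proxmox host.
# StrictHostKeyChecking=accept-new is trust-on-first-use: an unknown host key
# is accepted silently on the first connection and a *changed* key is refused
# afterwards. Pre-seed known_hosts for the Proxmox host if the first contact
# could cross an untrusted network segment.
remote_run() {
  ssh -o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new \
    "${PROXMOX_SSH_USER:-root}@$PROXMOX" "$@"
}

# Keep ssh/pct stderr visible: a host-key mismatch or auth failure must not be
# reported as "CT is not running".
if ! ct_status=$(remote_run "pct status $VMID"); then
  die "Could not query CT $VMID on $PROXMOX (SSH or pct failed; see error above)"
fi
if [[ "$ct_status" != *running* ]]; then
  die "CT $VMID is not running on $PROXMOX"
fi

remote_run "pct exec $VMID -- bash -c '
set -e
export DEBIAN_FRONTEND=noninteractive
if ! dpkg -s haproxy >/dev/null 2>&1; then
  apt-get update -qq
  apt-get install -y -qq haproxy
fi
'"

# Stage the config next to the live file, validate it, and only then replace
# the live file. If validation fails the running configuration is untouched and
# the rejected file is left at /etc/haproxy/haproxy.cfg.new for inspection.
printf '%s\n' "$CFG" | remote_run "pct exec $VMID -- bash -c '
set -e
umask 022
cat > /etc/haproxy/haproxy.cfg.new
haproxy -c -f /etc/haproxy/haproxy.cfg.new
mv -f /etc/haproxy/haproxy.cfg.new /etc/haproxy/haproxy.cfg
'"

remote_run "pct exec $VMID -- bash -c '
set -e
systemctl enable haproxy
systemctl restart haproxy
sleep 1
systemctl is-active --quiet haproxy
echo OK: haproxy active
command -v ss >/dev/null && ss -lntp | grep -E \":80|:443\" || true
'"

IP_ORDER="${IP_ORDER_HAPROXY:-192.168.11.39}"
echo ""
echo "✅ Done. From LAN: curl -sS -o /dev/null -w '%{http_code}\\n' http://${IP_ORDER}:80/"
echo " Then NPM: THE_ORDER_UPSTREAM_IP=${IP_ORDER} THE_ORDER_UPSTREAM_PORT=80 bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh"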