d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
08c074ce101fc8fe6699a6de65799fb2bbf9d9fb
proxmox/scripts/install-nginx-blockscout.sh
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

276 lines
9.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Install and configure Nginx reverse proxy for Blockscout Explorer
# Usage: ./install-nginx-blockscout.sh [VMID] [IP]
# Defaults: VMID=5000, IP=192.168.11.140
set -euo pipefail
VMID="${1:-5000}"
IP="${2:-192.168.11.140}"
DOMAIN="${DOMAIN:-explorer.d-bis.org}"
BLOCKSCOUT_PORT="${BLOCKSCOUT_PORT:-4000}"
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
# Function to execute command in container
exec_container() {
local cmd="$1"
# Check if we're already on the Proxmox host (command exists locally)
if command -v pct >/dev/null 2>&1; then
# Running directly on Proxmox host - use pct directly
pct exec $VMID -- bash -c "$cmd" 2>/dev/null || echo ""
else
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct exec $VMID -- bash -c '$cmd'" 2>/dev/null || echo ""
fi
}
log_info "Installing Nginx for Blockscout Explorer (VMID: $VMID, IP: $IP)"
# Check if container exists and is running
log_info "Checking container status..."
if command -v pct >/dev/null 2>&1; then
# Running directly on Proxmox host
CONTAINER_STATUS=$(pct status $VMID 2>/dev/null | awk '{print $2}' || echo 'missing')
if [ "$CONTAINER_STATUS" != "running" ]; then
log_warn "Container is not running. Starting container..."
pct start $VMID || {
log_error "Failed to start container $VMID"
exit 1
}
sleep 5
fi
else
CONTAINER_STATUS=$(ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct status $VMID 2>/dev/null | awk '{print \$2}' || echo 'missing'")
if [ "$CONTAINER_STATUS" != "running" ]; then
log_warn "Container is not running. Starting container..."
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct start $VMID" || {
log_error "Failed to start container $VMID"
exit 1
}
sleep 5
fi
fi
log_success "Container is running"
# Install Nginx
log_info "Installing Nginx..."
exec_container "export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install -y -qq nginx" || {
log_error "Failed to install Nginx"
exit 1
}
log_success "Nginx installed"
# Create SSL directory
log_info "Creating SSL directory..."
exec_container "mkdir -p /etc/nginx/ssl"
# Generate self-signed certificate (can be replaced with Let's Encrypt later)
log_info "Generating self-signed SSL certificate..."
exec_container "openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout /etc/nginx/ssl/blockscout.key \
-out /etc/nginx/ssl/blockscout.crt \
-subj '/CN=$DOMAIN/O=Blockscout Explorer/C=US' 2>/dev/null" || {
log_warn "SSL certificate generation may have failed, continuing..."
}
# Create Nginx configuration
log_info "Creating Nginx configuration..."
# Create config file content
NGINX_CONFIG_CONTENT=$(cat <<'NGINX_EOF'
# HTTP server - redirect to HTTPS
server {
listen 80;
listen [::]:80;
server_name $DOMAIN explorer.d-bis.org blockscout-1 $IP;
# Allow Let's Encrypt ACME challenges
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Redirect all other traffic to HTTPS
location / {
return 301 https://\$host\$request_uri;
}
}
# HTTPS server - Blockscout Explorer
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name $DOMAIN explorer.d-bis.org blockscout-1 $IP;
# SSL configuration
ssl_certificate /etc/nginx/ssl/blockscout.crt;
ssl_certificate_key /etc/nginx/ssl/blockscout.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Logging
access_log /var/log/nginx/blockscout-access.log;
error_log /var/log/nginx/blockscout-error.log;
# Increase timeouts for Blockscout requests
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
send_timeout 300s;
# Client body size (for large contract verification uploads)
client_max_body_size 50M;
# Blockscout Explorer endpoint
location / {
proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
proxy_http_version 1.1;
# Headers
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Connection "";
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
# WebSocket support (for Blockscout real-time updates)
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
}
# Health check endpoint
location /health {
access_log off;
proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT/api/v2/status;
proxy_set_header Host \$host;
add_header Content-Type application/json;
}
# API endpoint (for Blockscout API)
location /api/ {
proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
# WebSocket upgrade mapping
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
NGINX_EOF
)
# Write config file to container
if command -v pct >/dev/null 2>&1; then
# Running directly on Proxmox host
echo "$NGINX_CONFIG_CONTENT" | pct exec $VMID -- bash -c "cat > /etc/nginx/sites-available/blockscout"
pct exec $VMID -- bash -c "ln -sf /etc/nginx/sites-available/blockscout /etc/nginx/sites-enabled/ && rm -f /etc/nginx/sites-enabled/default"
pct exec $VMID -- nginx -t
pct exec $VMID -- systemctl enable nginx
pct exec $VMID -- systemctl restart nginx
else
echo "$NGINX_CONFIG_CONTENT" | ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct exec $VMID -- bash -c 'cat > /etc/nginx/sites-available/blockscout'"
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct exec $VMID -- bash -c 'ln -sf /etc/nginx/sites-available/blockscout /etc/nginx/sites-enabled/ && rm -f /etc/nginx/sites-enabled/default'"
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct exec $VMID -- nginx -t"
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct exec $VMID -- systemctl enable nginx"
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" "pct exec $VMID -- systemctl restart nginx"
fi
if [ $? -eq 0 ]; then
log_success "Nginx configuration created and enabled"
else
log_error "Failed to create Nginx configuration"
exit 1
fi
# Verify Nginx is running
log_info "Verifying Nginx status..."
if exec_container "systemctl is-active nginx >/dev/null 2>&1"; then
log_success "Nginx service is active"
else
log_error "Nginx service is not active"
exit 1
fi
# Check if ports are listening
log_info "Checking listening ports..."
PORTS=$(exec_container "ss -tlnp 2>&1 | grep -E ':80|:443' || echo ''")
if echo "$PORTS" | grep -q ':80'; then
log_success "Port 80 is listening"
else
log_warn "Port 80 may not be listening"
fi
if echo "$PORTS" | grep -q ':443'; then
log_success "Port 443 is listening"
else
log_warn "Port 443 may not be listening"
fi
# Test Blockscout connectivity
log_info "Testing Blockscout connectivity..."
BLOCKSCOUT_TEST=$(exec_container "timeout 5 curl -s http://127.0.0.1:$BLOCKSCOUT_PORT/api/v2/status 2>&1 || echo 'FAILED'")
if echo "$BLOCKSCOUT_TEST" | grep -q "success\|chain_id"; then
log_success "Blockscout is responding on port $BLOCKSCOUT_PORT"
else
log_warn "Blockscout may not be running on port $BLOCKSCOUT_PORT"
log_info "Response: $BLOCKSCOUT_TEST"
fi
# Test through Nginx
log_info "Testing Nginx proxy..."
NGINX_TEST=$(exec_container "timeout 5 curl -k -s http://127.0.0.1/health 2>&1 || echo 'FAILED'")
if echo "$NGINX_TEST" | grep -q "success\|chain_id"; then
log_success "Nginx proxy is working!"
else
log_warn "Nginx proxy test failed (Blockscout may still be starting)"
log_info "Response: $NGINX_TEST"
fi
echo ""
log_success "Nginx installation and configuration complete!"
echo ""
log_info "Configuration Summary:"
log_info " - HTTP: http://$IP:80 (redirects to HTTPS)"
log_info " - HTTPS: https://$IP:443 (proxies to localhost:$BLOCKSCOUT_PORT)"
log_info " - Domain: $DOMAIN"
log_info ""
log_info "Next steps:"
log_info " 1. Configure Cloudflare DNS/tunnel for $DOMAIN"
log_info " 2. Verify Blockscout service is running: pct exec $VMID -- systemctl status blockscout"
log_info " 3. Test: curl -k https://$IP"
Reference in New Issue View Git Blame Copy Permalink