IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2026-04-06 01:25:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix bugs in install.sh

Browse Source
This commit is contained in:
einhornimmond 2025-12-05 13:02:09 +01:00
parent ac50671e75
commit fb38b314f4
2 changed files with 33 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
deployment/hetzner_cloud/README.md
View File

@ -77,7 +77,7 @@ $ ssh -i /path/to/privKey gradido@gddhost.tld
### Install `Gradido` code ### Install `Gradido` code
```bash ```bash
cd ~ cd ~
git clone https://github.com/gradido/gradido.git git clone https://github.com/gradido/gradido.git --branch latest
``` ```
### Adjust the values in `.env` ### Adjust the values in `.env`
@ -109,7 +109,7 @@ will remove it and ln ../bare_metal/nginx/conf.d
```bash ```bash
cd ~/gradido/deployment/hetzner_cloud cd ~/gradido/deployment/hetzner_cloud
sudo ./install.sh release-2_7_4 sudo ./install.sh latest
``` ```
I made a (german) video to show it to you (video is older, output will differ): I made a (german) video to show it to you (video is older, output will differ):

69
deployment/hetzner_cloud/install.sh
View File

@ -4,7 +4,7 @@ set -euo pipefail
log_error() { log_error() {
local message="$1" local message="$1"
echo -e "\e[31m$message\e[0m" >&3 # red in console echo -e "\e[31m$message\e[0m" # red in console
} }
# called always on error, log error really visible with ascii art in red on console and html # called always on error, log error really visible with ascii art in red on console and html
@ -46,49 +46,39 @@ echo 'Replace placeholder secrets in .env'
# NOTE: all config values will be in process.env when starting # NOTE: all config values will be in process.env when starting
# the services and will therefore take precedence over the .env # the services and will therefore take precedence over the .env
if [ -f "$SCRIPT_PATH/.env" ]; then if [ -f "$SCRIPT_PATH/.env" ]; then
ENV_FILE = $SCRIPT_PATH/.env ENV_FILE="$SCRIPT_PATH/.env"
# --- Secret Generators ------------------------------------------------------- # --- Secret Generators -------------------------------------------------------
gen_jwt_secret() { gen_jwt_secret() {
# 32 Character, URL-safe: A-Z a-z 0-9 _ - # 32 Character, URL-safe: A-Z a-z 0-9 _ -
tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 32 tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 32 2>/dev/null || true
} }
gen_webhook_secret() { gen_webhook_secret() {
# URL-safe, longer security (40 chars) # URL-safe, longer security (40 chars)
tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 40 tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 40 2>/dev/null || true
} }
gen_binary_secret() { gen_binary_secret() {
local bytes="$1" local bytes="$1"
# Hex -> 2 chars pro byte # Hex -> 2 chars pro byte
openssl rand -hex "$bytes" openssl rand -hex "$bytes" 2>/dev/null || true
} }
# --- Mapping of Placeholder -> Function -------------------------------------- # --- Mapping of Placeholder -> Function --------------------------------------
generate_secret_for() { generate_secret_for() {
case "$1" in case "$1" in
jwt_secret) jwt_secret) gen_jwt_secret ;;
gen_jwt_secret webhook_secret) gen_webhook_secret ;;
;; binary8_secret) gen_binary_secret 8 ;;
webhook_secret) binary16_secret) gen_binary_secret 16;;
gen_webhook_secret binary32_secret) gen_binary_secret 32;;
;; *)
binary8_secret) echo "Unknown Placeholder: $1" >&2
gen_binary_secret 8 exit 1
;; ;;
binary16_secret)
gen_binary_secret 16
;;
binary32_secret)
gen_binary_secret 32
;;
*)
echo "Unknown Placeholder: $1" >&2
exit 1
;;
esac esac
} }
@ -108,15 +98,17 @@ if [ -f "$SCRIPT_PATH/.env" ]; then
cp "$ENV_FILE" "$TMP_FILE" cp "$ENV_FILE" "$TMP_FILE"
for ph in "${placeholders[@]}"; do for ph in "${placeholders[@]}"; do
# Secret generate # Iterate over all lines containing the placeholder
new_value="$(generate_secret_for "$ph")" while grep -q "$ph" "$TMP_FILE"; do
new_value=$(generate_secret_for "$ph")
# Only replace lines that do NOT start with # # Replace only the first occurrence per line
sed -i "/^[[:space:]]*#/! s/$ph/$new_value/g" "$TMP_FILE" sed -i "0,/$ph/s//$new_value/" "$TMP_FILE"
done
done done
# Write back # Write back
mv "$TMP_FILE" "$ENV_FILE" mv "$TMP_FILE" "$ENV_FILE"
chown gradido:gradido "$ENV_FILE"
fi fi
# If install.sh will be called more than once # If install.sh will be called more than once
@ -236,9 +228,12 @@ sudo -u gradido bash <<'EOF'
fi fi
# Install yarn and pm2 # Install yarn and pm2
npm i -g yarn pm2 npm i -g yarn pm2
# start pm2
pm2 startup
EOF EOF
# Load nvm
export NVM_DIR="/home/gradido/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
# start pm2
pm2 startup
# Install logrotate # Install logrotate
envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $SCRIPT_PATH/logrotate/gradido.conf.template > $SCRIPT_PATH/logrotate/gradido.conf
@ -247,9 +242,7 @@ cp $SCRIPT_PATH/logrotate/gradido.conf /etc/logrotate.d/gradido.conf
# create db user # create db user
export DB_USER=gradido export DB_USER=gradido
# create a new password only if it not already exist # create a new password only if it not already exist
if [ -z "${DB_PASSWORD}" ]; then : "${DB_PASSWORD:=$(tr -dc '_A-Za-z0-9' < /dev/urandom | head -c 32)}"
export DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 32; echo);
fi
# Check if DB_PASSWORD is still empty, then exit with an error # Check if DB_PASSWORD is still empty, then exit with an error
if [ -z "${DB_PASSWORD}" ]; then if [ -z "${DB_PASSWORD}" ]; then