bao
eeb6174de0
- ASP.NET Core 10 Backend (JWT Auth, Agent config API) - Vue 3 Frontend (Dashboard, Team, Agents, Config Editor) - PostgreSQL Database - Docker Compose setup - Mission Control Dashboard redesign
108 lines
3.0 KiB
Bash
Executable File
108 lines
3.0 KiB
Bash
Executable File
#!/bin/bash
|
||
# HTTPS-Setup für nexus.noveria.net
|
||
# Auf dem VPS-HOST ausführen!
|
||
|
||
set -e
|
||
|
||
echo "=== HTTPS Setup für nexus.noveria.net ==="
|
||
|
||
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
|
||
|
||
# 1. Zuerst nur HTTP-Config ausrollen (keine SSL-Referenz!)
|
||
echo "[1/5] Installiere HTTP-only Nginx-Config..."
|
||
sudo tee /etc/nginx/sites-available/nexus.noveria.net > /dev/null << 'NGINXEOF'
|
||
server {
|
||
listen 80;
|
||
server_name nexus.noveria.net;
|
||
|
||
location /.well-known/acme-challenge/ {
|
||
root /var/www/html;
|
||
}
|
||
|
||
location / {
|
||
proxy_pass http://127.0.0.1:18880;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
}
|
||
NGINXEOF
|
||
|
||
sudo ln -sf /etc/nginx/sites-available/nexus.noveria.net /etc/nginx/sites-enabled/
|
||
sudo nginx -t && sudo systemctl reload nginx
|
||
echo " ✅ HTTP-Config aktiv"
|
||
|
||
# 2. Firewall
|
||
echo "[2/5] Firewall..."
|
||
if command -v ufw &>/dev/null; then
|
||
sudo ufw allow 80/tcp 2>/dev/null || true
|
||
sudo ufw allow 443/tcp 2>/dev/null || true
|
||
echo " ✅ ufw: 80+443 offen"
|
||
else
|
||
echo " ⏭ ufw nicht installiert"
|
||
fi
|
||
|
||
# 3. HTTP-Test
|
||
echo "[3/5] Teste HTTP..."
|
||
sleep 1
|
||
STATUS=$(curl -s -o /dev/null -w "%{http_code}" http://nexus.noveria.net)
|
||
echo " HTTP-Status: $STATUS"
|
||
|
||
# 4. Zertifikat holen
|
||
echo "[4/5] Fordere Let's-Encrypt-Zertifikat an..."
|
||
sudo certbot certonly --webroot -w /var/www/html -d nexus.noveria.net --non-interactive --agree-tos --email vmbao62@hotmail.de 2>&1 || {
|
||
echo " ⚠️ certbot fehlgeschlagen – manuell nachholen:"
|
||
echo " sudo certbot --nginx -d nexus.noveria.net"
|
||
exit 1
|
||
}
|
||
echo " ✅ Zertifikat erhalten"
|
||
|
||
# 5. HTTPS-Config ausrollen
|
||
echo "[5/5] Aktiviere HTTPS-Config..."
|
||
sudo tee /etc/nginx/sites-available/nexus.noveria.net > /dev/null << 'NGINXSSL'
|
||
server {
|
||
listen 80;
|
||
server_name nexus.noveria.net;
|
||
location /.well-known/acme-challenge/ {
|
||
root /var/www/html;
|
||
}
|
||
location / {
|
||
return 301 https://$host$request_uri;
|
||
}
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl http2;
|
||
server_name nexus.noveria.net;
|
||
|
||
ssl_certificate /etc/letsencrypt/live/nexus.noveria.net/fullchain.pem;
|
||
ssl_certificate_key /etc/letsencrypt/live/nexus.noveria.net/privkey.pem;
|
||
|
||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||
add_header X-Content-Type-Options nosniff;
|
||
add_header X-Frame-Options DENY;
|
||
|
||
client_max_body_size 16m;
|
||
|
||
location / {
|
||
proxy_pass http://127.0.0.1:18880;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
}
|
||
NGINXSSL
|
||
|
||
sudo nginx -t && sudo systemctl reload nginx
|
||
echo " ✅ HTTPS aktiv"
|
||
|
||
# Test
|
||
echo ""
|
||
sleep 2
|
||
curl -s -o /dev/null -w "HTTPS-Status: %{http_code}\n" https://nexus.noveria.net
|
||
echo ""
|
||
echo "=== Fertig ==="
|
||
echo "Nexus: https://nexus.noveria.net"
|