diff --git a/.env b/.env index 9fcf5f1..6e499c7 100644 --- a/.env +++ b/.env @@ -1,7 +1,6 @@ #!/usr/bin/env bash # Ghost -GHOST_HOST=localhost/ghost GHOST_EMAIL=admin@openrsc.com GHOST_PASSWORD=malwareinfection GHOST_DATABASE_NAME=ghost diff --git a/Certbot.sh b/Certbot.sh new file mode 100755 index 0000000..9806500 --- /dev/null +++ b/Certbot.sh @@ -0,0 +1,8 @@ +sudo certbot certonly \ +--standalone \ +--preferred-challenges http \ +--agree-tos -n \ +--config-dir ./etc/letsencrypt \ +-d wolfkingdom.net \ +-m cleako@gmail.com \ +-q diff --git a/Linux_Fetch_Updates_Production.sh b/Linux_Fetch_Updates_Production.sh index 2815420..f7bccb2 100755 --- a/Linux_Fetch_Updates_Production.sh +++ b/Linux_Fetch_Updates_Production.sh @@ -32,12 +32,12 @@ sudo nano .env sudo nano client/src/org/openrsc/client/Config.java sudo nano Launcher/src/Main.java sudo nano server/config/config.xml +sudo nano ../etc/ghost/config.production.json echo "" echo "" echo "File edits complete. Restarting Docker containers." echo "" -sudo make stop -sudo make start +sudo make stop && sudo make start fi if [ "$edit" == "2" ]; then diff --git a/Linux_Installer.sh b/Linux_Installer.sh index 36382e3..56e80a0 100755 --- a/Linux_Installer.sh +++ b/Linux_Installer.sh @@ -76,7 +76,11 @@ if [ "$install" == "1" ]; then echo "" echo "Verifying the basics are installed." echo "" - sudo apt update && sudo apt install screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y + sudo apt-get update + sudo apt-get install software-properties-common -y + sudo add-apt-repository ppa:certbot/certbot -y + sudo apt-get update + sudo apt-get install certbot screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y echo "" echo "" echo "Do you have Docker installed? It is required for this." 
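Review bot: Certbot.sh stores the ACME account and certificate private keys under a relative `--config-dir ./etc/letsencrypt`, so their location depends on the caller's working directory. When that is the repository root, the keys are later covered by the installer's `sudo chmod -R 777 .` (Linux_Installer.sh, hunk at -530). The script has no shebang and no error handling, and it hard-codes `-d wolfkingdom.net` and `-m cleako@gmail.com`, so anyone reusing the installer requests a certificate for a domain they do not control. `--standalone` also needs port 80 free, which conflicts with the nginx service publishing `80:80` in docker-compose.yml, so a comment should say nginx must be stopped first. A possible shape is below; `CERTBOT_EMAIL` is a suggested variable name, not one the repository defines.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Resolve paths from the script location, not the caller's cwd.
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)

# Domain and contact come from the environment (e.g. the project's .env);
# abort instead of requesting a certificate for a default domain.
: "${NGINX_HOST:?set NGINX_HOST to the site's domain}"
: "${CERTBOT_EMAIL:?set CERTBOT_EMAIL to the ACME contact address}"

# --standalone binds port 80: stop the nginx container before running this.
sudo certbot certonly \
  --standalone \
  --preferred-challenges http \
  --agree-tos -n \
  --config-dir "${script_dir}/etc/letsencrypt" \
  -d "${NGINX_HOST}" \
  -m "${CERTBOT_EMAIL}" \
  -q
```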
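Review bot: The added `apt-get` lines are no longer chained, so a failed `sudo apt-get update` or a failed `sudo add-apt-repository ppa:certbot/certbot -y` is ignored and the final install runs against stale or partial package lists; the removed line used `&&`. Adding a third-party PPA as root with `-y` extends package trust to that archive without the operator seeing it. It deserves a prompt like the Docker question just below, or at least a comment saying why the PPA is needed. `software-properties-common` is now installed twice and can be dropped from the last line. Suggested chaining: `sudo apt-get update && sudo apt-get install -y software-properties-common && sudo add-apt-repository -y ppa:certbot/certbot && sudo apt-get update`. The enclosing `if [ "$install" == "1" ]` block starts and ends outside this hunk.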
@@ -95,7 +99,7 @@ if [ "$install" == "1" ]; then echo "" curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable" - sudo apt update && sudo apt install docker-ce docker-compose -y + sudo apt-get update && sudo apt-get install docker-ce docker-compose -y else continue fi @@ -530,14 +534,15 @@ elif [ "$choice" == "2" ]; then echo "" echo "Starting up the Docker containers. If error, do \"sudo make stop\" and rerun script." echo "" + sudo chmod -R 777 . sudo make start echo "" echo "" echo "Fetching the Website and Game from the Open RSC git repo." echo "" sudo make clone-game - echo "" sudo make clone-website + sudo chmod -R 777 . echo "" echo "" echo "Creating the client cache in your home folder." 
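Review bot: Both added `sudo chmod -R 777 .` lines (before `sudo make start` and after `sudo make clone-website`) make the whole checkout world-readable and world-writable. Going by the paths in this commit, that covers `.env` with the Ghost and database passwords, `etc/letsencrypt` once Certbot.sh has written private keys there, and the database files under `./data/db`. Any local account, or a process that escapes a container with one of these bind mounts, could then read those secrets or edit the scripts and Makefile that are later run with `sudo`. If the aim is to let the containers write to their volumes, change ownership of only those directories to the container UID, as the compose file's `chown -R 1001:1001` helper services already do, and keep secrets tight with `chmod 600 .env`. The enclosing `elif [ "$choice" == "2" ]` branch continues outside this hunk.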
@@ -546,28 +551,34 @@ elif [ "$choice" == "2" ]; then unzip -o Game/client/cache.zip -d ~/OpenRSC echo "" echo "" - echo "Importing the databases." - echo "" - sudo make import-game - sudo make import-ghost - echo "" - echo "" - echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\"" - echo "" - sudo make backup - echo "" - echo "" echo "Next is manual file editing for the website domain and SQL user/pass." echo "" + echo "It is suggested that you first navigate to your VPS's http://domain:9000" + echo "" + echo "Create a new SQL user and password, grant all permissions, then remove the others." + echo "" + echo "" + echo "When finished, it will be time to edit the files that rely on that new SQL user." + echo "" echo "(Use Ctrl + X to save each file when done editing) - Press enter when ready." read next sudo nano .env sudo nano Game/client/src/org/openrsc/client/Config.java sudo nano Game/Launcher/src/Main.java sudo nano Game/server/config/config.xml + sudo nano etc/ghost/config.production.json echo "" echo "" - echo "File edits complete. Restarting Docker containers." + echo "File edits complete." + echo "" + echo "" + echo "Importing the databases." + echo "" + sudo make import-game + sudo make import-ghost + echo "" + echo "" + echo "Restarting Docker containers" echo "" sudo make stop && sudo make start echo "" diff --git a/Website_Certbot.sh b/Website_Certbot.sh deleted file mode 100755 index d5ce090..0000000 --- a/Website_Certbot.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -sudo docker run -it --rm --name certbot \ - -v `pwd`/etc/letsencrypt/certs:/etc/letsencrypt \ - -v `pwd`/etc/letsencrypt/data:/data/letsencrypt \ - deliverous/certbot \ - certonly \ - --webroot --webroot-path=/data/letsencrypt \ - -d openrsc.com -d www.openrsc.com --staging diff --git a/docker-compose.yml b/docker-compose.yml index 56ef571..a5c6f33 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
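Review bot: The new prompt sends the operator to `http://domain:9000` to create the SQL account, which means entering database admin credentials over plain HTTP on a port reachable from the internet (presumably the phpMyAdmin container; its port mapping is not in this diff). The text should recommend reaching that port only through an SSH tunnel or a `127.0.0.1:` binding. "grant all permissions" should be narrowed to the game and Ghost databases so the application account is not a second root. This hunk also drops the `sudo make backup` step, so `sudo make import-game` and `sudo make import-ghost` now run with no backup taken; if that is intentional, an `echo` warning that existing data will be overwritten would help. The enclosing `elif [ "$choice" == "2" ]` branch starts and ends outside this hunk.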
@@ -2,24 +2,22 @@ version: '3.1' services: nginx: - image: bitnami/nginx:latest + image: nginx:latest container_name: nginx volumes: - - "./etc/nginx:/opt/bitnami/nginx/conf/vhosts" - - "./Website:/opt/bitnami/nginx/html" - - "./etc/logs/nginx:/opt/bitnami/nginx/logs" - #- "./etc/logs/letsencrypt:/var/log/letsencrypt" - #- "./etc/letsencrypt/certs:/etc/letsencrypt" - #- "./etc/letsencrypt/data:/data/letsencrypt" + - "./etc/nginx:/etc/nginx/conf.d" + - "./Website:/var/www/html" + - "./etc/logs/nginx:/var/log/nginx" + - "./etc/letsencrypt:/etc/letsencrypt" ports: - - "80:8080" + - "80:80" - "443:443" environment: - NGINX_HOST=${NGINX_HOST} - #- VIRTUAL_HOST=localhost - #- LETSENCRYPT_HOST=localhost - #- LETSENCRYPT_EMAIL=your.email@here.com restart: always + depends_on: + - tomcat + - mysqldb myadmin: image: phpmyadmin/phpmyadmin @@ -38,7 +36,7 @@ services: user: root command: chown -R 1001:1001 /bitnami volumes: - - "./data/db/mysq:/bitnami/mariadb" + - "./data/db/mysq:/bitnami/mariadb" mysqldb: image: bitnami/mariadb:latest @@ -60,7 +58,7 @@ services: - "./data/db/mysq:/bitnami/mariadb" - "./etc/mariadb/innodb.cnf:/bitnami/mariadb/conf/innodb.cnf:ro" depends_on: - - nginx + - fix-mariadb-permissions tomcat: image: tomcat:latest @@ -71,15 +69,13 @@ services: volumes: - "./Website:/usr/local/tomcat/webapps/ROOT" - "./etc/tomcat:/usr/local/tomcat/conf" - depends_on: - - nginx fix-ghost-permissions: image: 'bitnami/ghost:latest' user: root command: chown -R 1001:1001 /bitnami/ghost volumes: - - "./etc/ghost:/bitnami/ghost" + - "./etc/ghost:/bitnami/ghost" ghost: image: bitnami/ghost:latest 
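Review bot: The new `- "./etc/letsencrypt:/etc/letsencrypt"` volume is mounted read-write, although nginx only needs to read the certificates and keys. `- "./etc/letsencrypt:/etc/letsencrypt:ro"` keeps a compromised web server from replacing keys or renewal settings, and `./etc/nginx` could be read-only for the same reason. `image: nginx:latest` is unpinned, so every pull can change the server version silently; a fixed tag or digest makes deployments reproducible and reviewable. The official image does not expand `${NGINX_HOST}` inside files mounted into /etc/nginx/conf.d (it only renders its template directory), so the `NGINX_HOST` environment entry probably has no effect after this switch and is worth confirming.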
@@ -98,24 +94,23 @@ services: - GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD} - GHOST_DATABASE_NAME=${GHOST_DATABASE_NAME} - ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD} - - GHOST_HOST=${GHOST_HOST} - GHOST_EMAIL=${GHOST_EMAIL} - GHOST_PASSWORD=${GHOST_PASSWORD} depends_on: - - mysqldb - - nginx + - fix-ghost-permissions - php: - image: bitnami/php-fpm:latest - container_name: php - restart: always - ports: - - "9001:9000" - volumes: - - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini" - - "./Website:/app" - depends_on: - - nginx +# php: +# image: bitnami/php-fpm:latest +# container_name: php +# restart: always +# ports: +# - "9001:9000" +# volumes: +# - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini" +# - "./Website:/app" +# - "./etc/logs/php:/opt/bitnami/php/log" +# depends_on: +# - nginx volumes: mariadb_data: diff --git a/etc/ghost/config.production.json b/etc/ghost/config.production.json index 476f8da..2f103a7 100644 --- a/etc/ghost/config.production.json +++ b/etc/ghost/config.production.json @@ -9,7 +9,7 @@ "database": "ghost" } }, - "url": "http://localhost:2368/blog", + "url": "http://localhost/blog", "server": { "port": 2368, "host": "0.0.0.0" diff --git a/etc/ghost/ghost/config.production.json b/etc/ghost/ghost/config.production.json deleted file mode 100644 index 476f8da..0000000 --- a/etc/ghost/ghost/config.production.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "database": { - "client": "mysql", - "connection": { - "host": "mysql", - "port": 3306, - "password": "root", - "user": "root", - "database": "ghost" - } - }, - "url": "http://localhost:2368/blog", - "server": { - "port": 2368, - "host": "0.0.0.0" - }, - "mail": { - "transport": "Direct" - }, - "logging": { - "transports": [ - "file" - ] - }, - "process": "local", - "paths": { - "contentPath": "/opt/bitnami/ghost/content" - } -} diff --git a/etc/logs/.gitkeep b/etc/logs/nginx/.gitkeep similarity index 100% rename from etc/logs/.gitkeep rename to etc/logs/nginx/.gitkeep 
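Review bot: `ghost` now depends only on `fix-ghost-permissions` and no longer on `mysqldb`, so Compose is free to start Ghost before the database container has been created; keep `- mysqldb` next to the new entry. The context lines show Ghost receiving `GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD}`, which means the blog connects with the database root credential. Since the installer in this same commit tells the operator to create a dedicated SQL user, Ghost should get its own user and password variable rather than the root one. The commented-out `php` service is better deleted than kept as fourteen comment lines, because version control already preserves it.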
diff --git a/etc/logs/php/.gitkeep b/etc/logs/php/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index 4fefa52..96fb245 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK 
@@ -8,94 +8,69 @@ upstream ghost { # HTTP server { - listen 8080 default_server; - listen [::]:8080 default_server ipv6only=on; + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; server_name ${NGINX_HOST}; - error_log /opt/bitnami/nginx/logs/error.log; - access_log /opt/bitnami/nginx/logs/access.log; + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; - rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS - - root /app; - index index.html index.htm index.php index.jsp; - - client_max_body_size 100M; - - location / { - try_files $uri $uri/index.html; + location ~ /.well-known/acme-challenge { + allow all; + root /var/www/html; } - ####### Proxies ####### - # PHP proxy - location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; - } - - # Ghost proxy - location /blog { - proxy_pass http://ghost; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } - - # Tomcat proxy - location ~ \.(do|jspa|obr|jsp|txt|zip) { - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://tomcat; - } + rewrite ^ https://$http_host$request_uri? 
permanent; } # HTTPS server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ${NGINX_HOST}; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${NGINX_HOST}; - error_log /opt/bitnami/nginx/logs/error.log; - access_log /opt/bitnami/nginx/logs/access.log; + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; - add_header Strict-Transport-Security "max-age=31536000" always; - ssl_session_cache shared:SSL:20m; - ssl_session_timeout 10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; - ssl_stapling on; - ssl_stapling_verify on; - resolver 8.8.8.8 1.1.1.1; - ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; + ssl_stapling on; + ssl_stapling_verify on; + resolver 8.8.8.8 1.1.1.1; + ssl_certificate /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wolfkingdom.net/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/wolfkingdom.net/chain.pem; root /app; - index index.html index.htm index.php index.jsp; + index index.jsp index.html index.htm; client_max_body_size 100M; location / { - try_files $uri $uri/index.html; + root /var/www/html; } ####### Proxies ####### # PHP proxy - location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; +# location /board { +# fastcgi_pass php:9001; +# fastcgi_index index.php; +# include fastcgi.conf; +# root /app; +# } + + location ~ \.htm$ { + root /var/www/html; } # Ghost 
proxy location /blog { - proxy_pass http://ghost; + proxy_pass http://ghost; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -104,16 +79,11 @@ server { } # Tomcat proxy - location ~ \.(do|jspa|obr|jsp|txt|zip) { - proxy_set_header X-Forwarded-Host $host; + location ~ \.jsp$ { + proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://tomcat; } - # Certbot for HTTPS cert renewal - location ~ ^/.well-known { - root /data/letsencrypt/; - } - } diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf deleted file mode 100755 index b9c0563..0000000 --- a/etc/nginx/nginx.conf +++ /dev/null 
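Review bot: In the HTTP server block the new `location ~ /.well-known/acme-challenge` can never serve a challenge file, because the server-level `rewrite ^ https://$http_host$request_uri? permanent;` runs before location matching and answers every request with a 301. That redirect is also built from `$http_host`, the client-supplied Host header, so a forged Host sends visitors to an arbitrary site. Moving it into a catch-all, `location / { return 301 https://$host$request_uri; }`, fixes both. The re-indented HTTPS block still carries `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`; TLS 1.0 and 1.1 are deprecated, so `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting. The `ssl_ciphers` string has a stray `;` inside the quotes. The certificate paths now hard-code `wolfkingdom.net` while `server_name` still uses `${NGINX_HOST}`, so this sample only works for that one domain.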
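Review bot: Narrowing the Tomcat proxy to `location ~ \.jsp$` sends every other path to the static `location /` with `root /var/www/html` (defined earlier in this server block, outside this hunk). docker-compose.yml mounts the same `./Website` tree there that Tomcat uses as `webapps/ROOT`. If that tree contains `WEB-INF` or `META-INF`, nginx will serve their contents (deployment descriptors, classes, configuration) as plain files, which Tomcat itself would refuse to do. Adding `location ~* ^/(WEB-INF|META-INF)(/|$) { return 404; }` above the proxies closes that gap. The server-level `root /app;` kept as context no longer matches any mount in the new compose file and should be aligned with `/var/www/html`.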
@@ -1,55 +0,0 @@ -upstream tomcat { - server tomcat:8080; -} - -upstream ghost { - server ghost:2368; -} - -# HTTP -server { - listen 8080 default_server; - listen [::]:8080 default_server ipv6only=on; - server_name ${NGINX_HOST}; - - error_log /opt/bitnami/nginx/logs/error.log; - access_log /opt/bitnami/nginx/logs/access.log; - - #rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS - - root /app; - index index.html index.htm index.php index.jsp; - - client_max_body_size 100M; - - location / { - try_files $uri $uri/index.html; - } - - ####### Proxies ####### - # PHP proxy - location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; - } - - # Ghost proxy - location /blog { - proxy_pass http://ghost; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } - - # Tomcat proxy - location ~ \.(do|jspa|obr|jsp|txt|zip) { - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://tomcat; - } - -}