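#!/bin/sh
# Bootstrap for the IPTV updater host: installs packages, clones the
# application, registers a systemd unit for uvicorn, obtains a wildcard
# certificate with acme.sh (DNS validation) and puts nginx in front of the app
# as a TLS-terminating reverse proxy.
#
# Inputs: REPO_URL, LETSENCRYPT_EMAIL and DOMAIN_NAME are referenced but never
# assigned in this file.
# NOTE(review): presumably they are substituted by a template engine or
# exported by the caller - confirm. No new braced expansions are introduced
# here so the file stays valid in either case.
# The script writes under /etc and manages services, so it must run as root.

yum update -y
yum install -y python3-pip git
# -y keeps the install non-interactive; unattended provisioning has no
# terminal to answer a confirmation prompt.
amazon-linux-extras install -y nginx1

pip3 install --upgrade pip
# NOTE(review): certbot is installed, but certificates below are issued with
# acme.sh. If certbot is unused, dropping it removes root-installed code that
# nothing needs.
pip3 install certbot certbot-nginx

cd /home/ec2-user || exit 1
# The URL is quoted and preceded by "--" so it can never be word-split or
# parsed as a git option.
# NOTE(review): the clone is not pinned to a commit or tag, so whatever the
# default branch holds at boot time is installed and run. Pin a revision if
# reproducible, reviewable deployments matter.
git clone -- "${REPO_URL}" || {
  echo "git clone failed; aborting bootstrap" >&2
  exit 1
}
# Stop here rather than run pip in the wrong directory.
cd iptv-updater-aws || exit 1
pip3 install -r requirements.txt

# Create systemd service file. The quoted delimiter keeps the unit text
# literal. The app runs as ec2-user and binds to loopback only, so it is
# reachable solely through the nginx proxy configured below.
cat << 'EOF' > /etc/systemd/system/iptv-updater.service
[Unit]
Description=IPTV Updater Service
After=network.target

[Service]
Type=simple
User=ec2-user
WorkingDirectory=/home/ec2-user/iptv-updater-aws
ExecStart=/usr/local/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000
EnvironmentFile=/etc/environment
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Ensure root has a crontab before installing acme.sh
crontab -u root -l >/dev/null 2>&1 || (echo "" | crontab -u root -)

# Install and configure acme.sh.
# SECURITY: this pipes a remote installer straight into a root shell, so its
# integrity rests entirely on TLS and on the remote host. Prefer a pinned
# release verified against a known checksum where that is practical.
# -f stops an HTTP error page from being fed to sh; -sS hides the progress
# meter but still reports errors.
curl -fsS https://get.acme.sh | sh -s email="${LETSENCRYPT_EMAIL}"

# Configure acme.sh to use DNS API for FreeDNS.
# NOTE(review): the dns_freedns hook needs FreeDNS credentials in the
# environment (FREEDNS_User / FREEDNS_Password per acme.sh's DNS API docs).
# None are set in this script - confirm where they come from and that they
# are not logged.
. "/.acme.sh/acme.sh.env"
# The wildcard name is quoted so the shell cannot glob-expand "*." against
# files in the current directory.
"/.acme.sh"/acme.sh --issue --dns dns_freedns \
  -d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}"

# Already running as root, so sudo is unnecessary. The directory holds the
# private key, so restrict it to root; the nginx master process reads the key
# as root.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl

# NOTE(review): nginx is neither configured nor started yet at this point, so
# the reload command may fail on this first run; it is still what acme.sh
# will use on renewal.
"/.acme.sh"/acme.sh --install-cert -d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}" \
  --key-file "/etc/nginx/ssl/${DOMAIN_NAME}.pem" \
  --fullchain-file /etc/nginx/ssl/cert.pem \
  --reloadcmd "service nginx force-reload"

# Create nginx config. The delimiter is unquoted on purpose: DOMAIN_NAME is
# filled in, while nginx's own variables are backslash-escaped so they reach
# the file literally.
cat << EOF > /etc/nginx/conf.d/iptvUpdater.conf
server {
    listen 80;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Make systemd re-read unit files so the unit written above is picked up.
systemctl daemon-reload

# Start nginx service
systemctl enable nginx
systemctl start nginx

systemctl enable iptv-updater
systemctl start iptv-updater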