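#!/bin/sh
# Bootstrap an EC2 host for the IPTV Manager service: install packages, clone
# the application, pull DB credentials from SSM Parameter Store, create the
# database and run migrations, install a systemd unit, obtain a TLS
# certificate with acme.sh and put nginx in front of the app.
#
# REPO_URL, LETSENCRYPT_EMAIL and DOMAIN_NAME are never assigned in this file;
# they are presumably substituted before the script runs (e.g. by a user-data
# template renderer) — confirm against the caller. Variables the script sets
# itself are deliberately referenced without braces so that such a renderer
# does not try to expand them.

# Fail fast: an unchecked error in provisioning would otherwise leave a
# half-configured host that still enables and starts the service.
set -eu

# Print a message to stderr and abort the provisioning run.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Update system and install required packages
dnf update -y
dnf install -y python3-pip git cronie nginx certbot python3-certbot-nginx postgresql awscli

# Start and enable crond service
systemctl start crond
systemctl enable crond

cd /home/ec2-user || die "cannot cd to /home/ec2-user"
git clone "${REPO_URL}"
cd iptv-manager-service || die "clone did not produce iptv-manager-service"

# Install Python packages with --ignore-installed to prevent conflicts with RPM packages
# NOTE: this installs as root into the system site-packages; what gets
# installed is whatever the cloned requirements.txt says, so pinning there is
# the supply-chain control for this step.
pip3 install --ignore-installed -r requirements.txt

# Retrieve DB credentials from SSM Parameter Store
# Read one parameter value from SSM; returns aws's exit status.
get_param() {
  aws ssm get-parameter --name "$1" --query "Parameter.Value" --output text
}
# Assignment is split from the call so a failed lookup is not masked.
# NOTE(review): no --with-decryption is requested here; if DB_PASSWORD is
# stored as a SecureString the value read back would be ciphertext — confirm
# the parameter type.
DB_HOST=$(get_param "/iptv-manager/DB_HOST") || die "cannot read DB_HOST from SSM"
DB_NAME=$(get_param "/iptv-manager/DB_NAME") || die "cannot read DB_NAME from SSM"
DB_USER=$(get_param "/iptv-manager/DB_USER") || die "cannot read DB_USER from SSM"
DB_PASSWORD=$(get_param "/iptv-manager/DB_PASSWORD") || die "cannot read DB_PASSWORD from SSM"
export DB_HOST DB_NAME DB_USER DB_PASSWORD

# DB_NAME is interpolated into SQL below (CREATE DATABASE takes an identifier,
# not a bind parameter), so only accept a plain identifier for it.
case "$DB_NAME" in
  ''|*[!A-Za-z0-9_]*) die "DB_NAME from SSM is not a plain identifier" ;;
esac

# Set PGPASSWORD for psql to use (kept in the environment only for the
# database steps below and cleared afterwards).
export PGPASSWORD="$DB_PASSWORD"

# Wait for PostgreSQL to be ready. The wait is bounded so a wrong host or
# credentials fail the provisioning run instead of hanging forever.
echo "Waiting for PostgreSQL to start..."
attempts=0
until psql -h "$DB_HOST" -U "$DB_USER" -d postgres -c '\q'; do
  attempts=$((attempts + 1))
  [ "$attempts" -lt 300 ] || die "PostgreSQL at $DB_HOST not reachable after $attempts attempts"
  sleep 1
done
echo "PostgreSQL is ready."

# Create database if it does not exist
DB_EXISTS=$(psql -h "$DB_HOST" -U "$DB_USER" -d postgres -tc "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME';")
if [ -z "$DB_EXISTS" ]; then
  echo "Creating database $DB_NAME..."
  psql -h "$DB_HOST" -U "$DB_USER" -d postgres -c "CREATE DATABASE $DB_NAME;"
  echo "Database $DB_NAME created."
fi

# Run database migrations
alembic upgrade head

# Nothing after this point talks to the database; stop exporting the password
# to every remaining child process.
unset PGPASSWORD

# Create systemd service file
# NOTE(review): the unit reads EnvironmentFile=/etc/environment, but this
# script never writes the DB_* values there — confirm where the service gets
# its database settings from at runtime.
cat << 'EOF' > /etc/systemd/system/iptv-manager.service
[Unit]
Description=IPTV Manager Service
After=network.target

[Service]
Type=simple
User=ec2-user
WorkingDirectory=/home/ec2-user/iptv-manager-service
ExecStart=/usr/local/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000
EnvironmentFile=/etc/environment
Restart=always

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload

# Ensure root has a crontab before installing acme.sh
crontab -u root -l >/dev/null 2>&1 || (echo "" | crontab -u root -)

# Install and configure acme.sh
# NOTE: this runs a script fetched over HTTPS at boot. Downloading to a file
# first keeps a failed or partial download from being handed to sh, but the
# fetched code is still unpinned — vendoring the installer or checking it
# against a known digest is the stronger control.
installer=$(mktemp) || die "mktemp failed"
curl -fsSL https://get.acme.sh -o "$installer" || die "download of the acme.sh installer failed"
sh -s email="${LETSENCRYPT_EMAIL}" < "$installer"
rm -f -- "$installer"

# Configure acme.sh to use DNS API for FreeDNS
# NOTE(review): "/.acme.sh" is where the installer lands only when HOME is
# empty for this run — confirm against how the script is launched. The FreeDNS
# API credentials acme.sh needs are not set anywhere in this file either.
. "/.acme.sh/acme.sh.env"
# The wildcard name is quoted so the shell cannot glob-expand it against the cwd.
"/.acme.sh"/acme.sh --issue --dns dns_freedns -d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}"
# The directory holds the private key; nginx's master process reads it as root.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
"/.acme.sh"/acme.sh --install-cert -d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}" \
  --key-file "/etc/nginx/ssl/${DOMAIN_NAME}.pem" \
  --fullchain-file /etc/nginx/ssl/cert.pem \
  --reloadcmd "service nginx force-reload"

# Create nginx config (unquoted heredoc: nginx's own $variables are escaped
# with a backslash so the shell leaves them alone).
cat << EOF > /etc/nginx/conf.d/iptvManager.conf
server {
    listen 80;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Refuse to enable nginx with a configuration it cannot load.
nginx -t || die "nginx configuration is invalid"

# Start nginx service
systemctl enable nginx
systemctl start nginx
systemctl enable iptv-manager
systemctl start iptv-manager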