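#!/bin/bash
# Native Installation Script
# Complete setup for Torrent Gateway without Docker
#
# Runs as root and changes system state: installs packages with apt-get,
# builds the gateway binary, writes Redis, systemd and nginx configuration,
# and optionally requests a Let's Encrypt certificate with certbot.
#
# Usage: sudo ./<this script> [--with-monitoring] [--skip-build]
#        [--domain DOMAIN --email EMAIL] [--skip-ssl]
#
# set -e aborts on unhandled failures. Commands whose failure must produce a
# message or a fallback are tested directly with "if cmd; then", because a
# separate "[ $? -ne 0 ]" check is never reached once set -e has exited.
set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"

echo "๐Ÿš€ Torrent Gateway Native Installation"
echo "======================================"

# Check if running as root
if [ "$EUID" -ne 0 ]; then
  echo "โŒ This script must be run as root"
  echo "Please run: sudo $0"
  exit 1
fi

# Parse arguments
ENABLE_MONITORING=false
SKIP_BUILD=false
DOMAIN=""
EMAIL=""
SKIP_SSL=false

while [[ $# -gt 0 ]]; do
  case $1 in
    --with-monitoring)
      ENABLE_MONITORING=true
      shift
      ;;
    --skip-build)
      SKIP_BUILD=true
      shift
      ;;
    --domain)
      # A trailing "--domain" with no value would make "shift 2" fail and
      # set -e would end the script without any explanation.
      if [[ $# -lt 2 ]]; then
        echo "โŒ --domain requires a value"
        echo "Use --help for usage information"
        exit 1
      fi
      DOMAIN="$2"
      shift 2
      ;;
    --email)
      if [[ $# -lt 2 ]]; then
        echo "โŒ --email requires a value"
        echo "Use --help for usage information"
        exit 1
      fi
      EMAIL="$2"
      shift 2
      ;;
    --skip-ssl)
      SKIP_SSL=true
      shift
      ;;
    --help)
      echo "Usage: $0 [OPTIONS]"
      echo ""
      echo "Options:"
      echo " --with-monitoring Install Prometheus, Grafana, and AlertManager"
      echo " --skip-build Skip building the application (use existing binary)"
      echo " --domain DOMAIN Domain name for SSL certificate (e.g., gateway.example.com)"
      echo " --email EMAIL Email for Let's Encrypt certificate notifications"
      echo " --skip-ssl Skip SSL/HTTPS setup (HTTP only)"
      echo " --help Show this help message"
      echo ""
      echo "Example:"
      echo " $0 --domain gateway.example.com --email admin@example.com"
      exit 0
      ;;
    *)
      echo "Unknown option: $1"
      echo "Use --help for usage information"
      exit 1
      ;;
  esac
done

# DOMAIN is expanded verbatim into the nginx server block written in step 6
# and is passed to certbot. Restrict it to hostname characters so that
# whitespace, ';', braces, quotes or newlines in the argument cannot add or
# alter directives in a configuration file that root installs.
domain_pattern='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [ -n "$DOMAIN" ] && ! [[ "$DOMAIN" =~ $domain_pattern ]]; then
  echo "โŒ Invalid domain name: $DOMAIN"
  echo "Use --help for usage information"
  exit 1
fi

# Fail before touching the system: certbot needs an account e-mail whenever a
# certificate is going to be requested.
if [ -n "$DOMAIN" ] && [ "$SKIP_SSL" = false ] && [ -z "$EMAIL" ]; then
  echo "โŒ Email is required for SSL certificate"
  echo "Please provide --email argument or use --skip-ssl"
  exit 1
fi

echo "Configuration:"
echo " Monitoring: $ENABLE_MONITORING"
echo " Skip build: $SKIP_BUILD"
echo " Domain: ${DOMAIN:-'Not set (HTTP only)'}"
echo " Email: ${EMAIL:-'Not set'}"
echo " Skip SSL: $SKIP_SSL"
echo ""

cd "$PROJECT_ROOT"

# Step 1: Install system dependencies
echo "๐Ÿ“ฆ Installing system dependencies..."
apt-get update
apt-get install -y \
  golang-go \
  git \
  sqlite3 \
  redis-server \
  nginx \
  certbot \
  python3-certbot-nginx \
  logrotate \
  curl \
  jq \
  bc \
  htop \
  tree \
  unzip \
  wget \
  ffmpeg

# Verify Go installation
if ! command -v go &> /dev/null; then
  echo "โŒ Go installation failed"
  exit 1
fi

GO_VERSION=$(go version | grep -o 'go[0-9.]*' | head -1)
echo "โœ… Go $GO_VERSION installed"

# Step 2: Build application
if [ "$SKIP_BUILD" = false ]; then
  echo "๐Ÿ”จ Building Torrent Gateway..."

  # Install Go dependencies
  go mod download

  # Build binary
  go build -o bin/gateway \
    -ldflags "-X main.version=$(git describe --tags --always 2>/dev/null || echo 'dev') -X main.buildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ) -s -w" \
    cmd/gateway/main.go

  if [ ! -f "bin/gateway" ]; then
    echo "โŒ Build failed"
    exit 1
  fi

  echo "โœ… Application built successfully"
else
  echo "โญ๏ธ Skipping build (using existing binary)"
  if [ ! -f "bin/gateway" ]; then
    echo "โŒ No existing binary found. Remove --skip-build or build first."
    exit 1
  fi
fi

# Step 3: Setup systemd service
echo "โš™๏ธ Setting up systemd service..."
# Build the argument list as an array so the optional flag is passed as one
# exact word (or not at all) instead of relying on unquoted word splitting.
systemd_args=()
if [ "$ENABLE_MONITORING" = true ]; then
  systemd_args+=(--with-monitoring)
fi
./scripts/setup_systemd.sh "${systemd_args[@]}"

# Step 4: Configure Redis
echo "๐Ÿ”ง Optimizing Redis configuration..."
cat > /etc/redis/redis.local.conf << 'EOF'
# Torrent Gateway specific Redis config
maxmemory 512mb
maxmemory-policy allkeys-lru
save 900 1
save 300 10
save 60 10000
EOF

# Include local config in main Redis config
if ! grep -qF -- "include /etc/redis/redis.local.conf" /etc/redis/redis.conf; then
  echo "include /etc/redis/redis.local.conf" >> /etc/redis/redis.conf
fi

# The redis-server package normally starts the service at install time, so a
# later "systemctl start" would be a no-op and the settings above would not
# be loaded. Restart here so they take effect.
systemctl restart redis-server

# Step 5: Setup monitoring (if requested)
if [ "$ENABLE_MONITORING" = true ]; then
  echo "๐Ÿ“Š Installing monitoring components..."

  # Install Node Exporter for system metrics
  NODE_EXPORTER_VERSION="1.7.0"
  node_exporter_name="node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64"
  node_exporter_url="https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}"

  # Download into a private mktemp directory rather than a fixed name in the
  # world-writable /tmp: this script runs as root, and a predictable path
  # there can be pre-created or symlinked by another local user.
  download_dir="$(mktemp -d)"

  wget -O "$download_dir/${node_exporter_name}.tar.gz" \
    "$node_exporter_url/${node_exporter_name}.tar.gz"
  wget -O "$download_dir/sha256sums.txt" "$node_exporter_url/sha256sums.txt"

  # Verify the archive before a binary from it is installed as a service.
  # The checksum list comes from the same release, so this detects a
  # truncated or corrupted download; pinning the expected digest in this
  # script would also detect a replaced release asset.
  if ! (cd "$download_dir" && sha256sum --check --ignore-missing --strict sha256sums.txt); then
    echo "โŒ Node Exporter checksum verification failed"
    rm -rf -- "$download_dir"
    exit 1
  fi

  tar -xzf "$download_dir/${node_exporter_name}.tar.gz" -C "$download_dir"
  mkdir -p /opt/node_exporter
  # install replaces the target file instead of writing into it, so a re-run
  # works while the previous binary is still executing, and it sets the mode
  # explicitly.
  install -m 0755 "$download_dir/${node_exporter_name}/node_exporter" /opt/node_exporter/node_exporter
  rm -rf -- "$download_dir"

  # Create node_exporter systemd service
  # NOTE(review): the unit runs as user/group "prometheus", which this script
  # does not create - presumably setup_systemd.sh --with-monitoring does;
  # confirm. node_exporter is started without a listen address, so access to
  # its port is restricted only by the firewall step.
  cat > /etc/systemd/system/node-exporter.service << 'EOF'
[Unit]
Description=Node Exporter
After=network.target

[Service]
Type=simple
User=prometheus
Group=prometheus
ExecStart=/opt/node_exporter/node_exporter
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

  systemctl daemon-reload
  systemctl enable node-exporter
  systemctl start node-exporter

  echo "โœ… Node Exporter installed and started"
fi

# Step 6: Configure nginx
echo "๐ŸŒ Configuring nginx..."

# Create nginx configuration
# The heredoc is unquoted so ${DOMAIN} expands (validated above); nginx's own
# variables are escaped as \$name so they reach the file literally.
cat > /etc/nginx/sites-available/torrent-gateway << EOF
server {
    listen 80;
    server_name ${DOMAIN:-'_'};

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;

    # Main application proxy
    location / {
        proxy_pass http://127.0.0.1:9877;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts for large uploads
        proxy_connect_timeout 60s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
    }

    # Health check endpoint
    location /health {
        access_log off;
        proxy_pass http://127.0.0.1:9877/api/health;
    }

    # Increase client max body size for file uploads
    client_max_body_size 10G;
    client_body_timeout 300s;
    client_header_timeout 300s;

    # Enable gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;
}
EOF

# Enable the site
ln -sf /etc/nginx/sites-available/torrent-gateway /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# Test nginx configuration
# Tested inside the "if" so the error message is printed; a bare "nginx -t"
# followed by a $? check would exit under set -e before reaching it.
if ! nginx -t; then
  echo "โŒ Nginx configuration error"
  exit 1
fi

# nginx is usually already running after package installation, so load the
# new site now; "systemctl start" alone would leave the old configuration
# active.
systemctl reload-or-restart nginx

echo "โœ… Nginx configured"

# Step 7: Setup SSL with certbot (if domain provided)
if [ -n "$DOMAIN" ] && [ "$SKIP_SSL" = false ]; then
  echo "๐Ÿ” Setting up SSL certificate for $DOMAIN..."

  # Start nginx to respond to HTTP challenges
  systemctl start nginx

  # Get SSL certificate
  # Run inside the "if" so a certbot failure reaches the HTTP-only fallback
  # below instead of aborting the installation through set -e.
  if certbot --nginx --non-interactive --agree-tos --email "$EMAIL" -d "$DOMAIN"; then
    echo "โœ… SSL certificate obtained successfully"

    # Setup auto-renewal
    # Drop any identical entry first so re-running the installer does not
    # accumulate duplicate renewal jobs in root's crontab.
    renew_job="0 12 * * * /usr/bin/certbot renew --quiet"
    {
      crontab -l 2>/dev/null | grep -vF -- "$renew_job" || true
      echo "$renew_job"
    } | crontab -

    echo "โœ… SSL auto-renewal configured"
  else
    echo "โš ๏ธ SSL certificate setup failed. Continuing with HTTP only."
    echo "You may need to:"
    echo " 1. Ensure $DOMAIN points to this server's IP"
    echo " 2. Check firewall allows ports 80/443"
    echo " 3. Run: sudo certbot --nginx -d $DOMAIN"
  fi
else
  if [ -n "$DOMAIN" ]; then
    echo "โญ๏ธ Skipping SSL setup (--skip-ssl specified)"
  else
    echo "โญ๏ธ Skipping SSL setup (no domain provided)"
  fi
fi

# Step 8: Configure firewall
echo "๐Ÿ”’ Configuring firewall..."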
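# Firewall rules (step 8), maintenance cron jobs and cleanup script (step 9),
# and final service startup with health verification (step 10).
# Reads ENABLE_MONITORING, DOMAIN and SKIP_SSL set during argument parsing.
if command -v ufw &> /dev/null; then
  # Allow SSH
  ufw allow ssh

  # Allow HTTP/HTTPS
  ufw allow 80/tcp
  ufw allow 443/tcp

  # Allow monitoring ports (only from localhost)
  # No rule opens these ports to other hosts, so Prometheus, Grafana and
  # Node Exporter stay unreachable from outside as long as ufw is enabled
  # with its default deny-incoming policy.
  if [ "$ENABLE_MONITORING" = true ]; then
    ufw allow from 127.0.0.1 to any port 9090 # Prometheus
    ufw allow from 127.0.0.1 to any port 3000 # Grafana
    ufw allow from 127.0.0.1 to any port 9100 # Node Exporter
  fi

  # Enable firewall (only if not already enabled)
  if ! ufw status | grep -q "Status: active"; then
    # --force answers the confirmation prompt without piping text into ufw.
    ufw --force enable
  fi

  echo "โœ… Firewall configured"
else
  echo "โš ๏ธ UFW not available, skipping firewall configuration"
fi

# Step 9: Create maintenance scripts
echo "๐Ÿ› ๏ธ Creating maintenance scripts..."

# Create backup cron job
# The whole file, including the weekly cleanup entry, is written in one go so
# a re-run replaces it instead of appending to it.
cat > /etc/cron.d/torrent-gateway << 'EOF'
# Torrent Gateway maintenance cron jobs

# Daily backup at 2 AM
0 2 * * * root /opt/torrent-gateway/scripts/backup.sh > /var/log/torrent-gateway-backup.log 2>&1

# Database maintenance at 3 AM
0 3 * * * root /opt/torrent-gateway/scripts/migrate.sh > /var/log/torrent-gateway-migrate.log 2>&1

# Health check every 5 minutes
*/5 * * * * root /opt/torrent-gateway/scripts/health_check.sh > /var/log/torrent-gateway-health.log 2>&1 || true

# Weekly cleanup
0 4 * * 0 root /opt/torrent-gateway/scripts/cleanup.sh > /var/log/torrent-gateway-cleanup.log 2>&1
EOF
# These entries run as root; keep the file writable by root only regardless
# of the umask the installer was started with.
chmod 644 /etc/cron.d/torrent-gateway

# Create log cleanup script
# Two changes from a plain "cd backups/; ls -t | tail | xargs rm" version:
#  - the script never leaves INSTALL_DIR, so the data/chunks/ cleanup is not
#    resolved relative to backups/ (assumes data/ sits next to logs/ and
#    backups/ - confirm against the service layout);
#  - backup pruning passes NUL-delimited names to rm, so a file name with
#    spaces or a leading dash cannot turn into extra rm arguments while the
#    script runs as root from cron.
cat > /opt/torrent-gateway/scripts/cleanup.sh << 'EOF'
#!/bin/bash

# Cleanup Script
# Removes old logs and temporary files

set -e

INSTALL_DIR="/opt/torrent-gateway"
cd "$INSTALL_DIR"

echo "๐Ÿงน Cleaning up old files..."

# Remove old log files (older than 30 days)
find logs/ -name "*.log" -mtime +30 -delete 2>/dev/null || true

# Delete all but the 30 newest files in backups/ matching the pattern in $1.
prune_backups() {
  find backups/ -maxdepth 1 -type f -name "$1" -printf '%T@ %p\0' 2>/dev/null \
    | sort -z -rn \
    | tail -z -n +31 \
    | cut -z -d ' ' -f2- \
    | xargs -0 -r rm -f -- || true
}

# Remove old backups (keep last 30)
prune_backups 'gateway_backup_*.tar.gz'
prune_backups 'database_*.sql'

# Clean up temporary chunk files
find data/chunks/ -name "*.tmp" -mtime +1 -delete 2>/dev/null || true

echo "โœ… Cleanup completed"
EOF

chmod +x /opt/torrent-gateway/scripts/cleanup.sh

# Step 10: Final service startup
echo "๐Ÿš€ Starting all services..."

# Start dependencies first
systemctl start redis-server
systemctl start nginx

if [ "$ENABLE_MONITORING" = true ]; then
  systemctl start prometheus
  systemctl start grafana-server
fi

# Start main service
/opt/torrent-gateway/scripts/start.sh

# Wait for service to be ready
# The waits run inside "if" so a timeout is reported; under set -e a bare
# "timeout ..." would end the script without any message.
echo "โณ Waiting for services to be ready..."
if ! timeout 60 bash -c 'until curl -sf http://localhost:9877/api/health; do sleep 2; done'; then
  echo "โŒ Gateway did not become healthy within 60 seconds"
  echo "Check logs: journalctl -u torrent-gateway"
  exit 1
fi

# Test nginx proxy
echo "๐Ÿงช Testing nginx proxy..."
if ! timeout 30 bash -c 'until curl -sf http://localhost/api/health; do sleep 2; done'; then
  echo "โŒ Nginx proxy did not answer the health check within 30 seconds"
  echo "Check logs: /var/log/nginx/error.log"
  exit 1
fi

# Run health checks
echo "๐Ÿฅ Running health checks..."
# Invoked as the "if" condition: with set -e, a separate "[ $? -eq 0 ]" test
# would never reach the failure branch at the end of this script.
if /opt/torrent-gateway/scripts/health_check.sh; then
  echo ""
  echo "๐ŸŽ‰ Installation completed successfully!"
  echo ""
  echo "๐Ÿ“Š Service Information:"
  echo " Status: systemctl status torrent-gateway"
  echo " Logs: journalctl -u torrent-gateway -f"
  echo " Config: /opt/torrent-gateway/"
  echo ""
  echo "๐ŸŒ Access URLs:"
  if [ -n "$DOMAIN" ] && [ "$SKIP_SSL" = false ]; then
    echo " Gateway: https://$DOMAIN"
    echo " API: https://$DOMAIN/api/"
    echo " Admin Panel: https://$DOMAIN/admin"
  elif [ -n "$DOMAIN" ]; then
    echo " Gateway: http://$DOMAIN"
    echo " API: http://$DOMAIN/api/"
    echo " Admin Panel: http://$DOMAIN/admin"
  else
    echo " Gateway: http://localhost (or http://YOUR_SERVER_IP)"
    echo " API: http://localhost/api/"
    echo " Admin Panel: http://localhost/admin"
  fi

  if [ "$ENABLE_MONITORING" = true ]; then
    echo " Prometheus: http://localhost:9090"
    echo " Grafana: http://localhost:3000 (admin/admin)"
    # The line above advertises Grafana's default credentials; tell the
    # operator to replace them.
    echo " Change the default Grafana admin password on first login"
  fi

  echo ""
  echo "๐Ÿ”ง Management Commands:"
  echo " Start: sudo systemctl start torrent-gateway"
  echo " Stop: sudo systemctl stop torrent-gateway"
  echo " Restart: sudo systemctl restart torrent-gateway"
  echo " Status: sudo systemctl status torrent-gateway"
  echo " Nginx: sudo systemctl restart nginx"
  echo ""
  echo "๐Ÿ’พ Backup & Restore:"
  echo " Backup: sudo /opt/torrent-gateway/scripts/backup.sh"
  echo " Restore: sudo /opt/torrent-gateway/scripts/restore.sh "
  echo ""
  echo "๐Ÿ“ Logs and Monitoring:"
  echo " App logs: sudo journalctl -u torrent-gateway -f"
  echo " Nginx logs: sudo tail -f /var/log/nginx/error.log"
  echo " System logs: sudo tail -f /var/log/syslog"
  echo " Health: sudo /opt/torrent-gateway/scripts/health_check.sh"
  echo ""
  if [ -n "$DOMAIN" ]; then
    echo "๐Ÿ” SSL Certificate:"
    echo " Status: sudo certbot certificates"
    echo " Renew: sudo certbot renew"
    echo " Test Renew: sudo certbot renew --dry-run"
    echo ""
  fi
  echo "๐Ÿ› ๏ธ Domain Setup Instructions:"
  echo ""
  echo " To use a custom domain, you need to:"
  echo " 1. Point your domain's DNS A record to this server's IP"
  echo " 2. Ensure ports 80 and 443 are open in your firewall"
  echo " 3. Re-run install with: sudo $0 --domain yourdomain.com --email your@email.com"
  echo ""
  echo " Example DNS setup:"
  echo " - Type: A"
  echo " - Name: gateway (or @ for root domain)"
  # The public address is looked up through a third-party service; bound the
  # request so an unreachable endpoint cannot stall the final summary.
  echo " - Value: $(curl -s --max-time 5 https://api.ipify.org || echo 'YOUR_SERVER_IP')"
  echo " - TTL: 300 (5 minutes)"
  echo ""
  echo " After DNS propagation (usually 5-60 minutes), SSL will be automatically configured."
else
  echo "โŒ Installation completed but health checks failed"
  echo "Check logs: journalctl -u torrent-gateway"
  exit 1
fi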