enki/torrent-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
torrent-gateway/scripts/install_native.sh
enki 639041abc5
Some checks are pending
CI Pipeline / Run Tests (push) Waiting to run
Details
CI Pipeline / Lint Code (push) Waiting to run
Details
CI Pipeline / Security Scan (push) Waiting to run
Details
CI Pipeline / Build Docker Images (push) Blocked by required conditions
Details
CI Pipeline / E2E Tests (push) Blocked by required conditions
Details
install script update
2025-08-27 11:21:05 -07:00

485 lines
14 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Native Installation Script
# Complete setup for Torrent Gateway without Docker
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
echo "🚀 Torrent Gateway Native Installation"
echo "======================================"
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "❌ This script must be run as root"
echo "Please run: sudo $0"
exit 1
fi
# Parse arguments
ENABLE_MONITORING=false
SKIP_BUILD=false
DOMAIN=""
EMAIL=""
SKIP_SSL=false
while [[ $# -gt 0 ]]; do
case $1 in
--with-monitoring)
ENABLE_MONITORING=true
shift
;;
--skip-build)
SKIP_BUILD=true
shift
;;
--domain)
DOMAIN="$2"
shift 2
;;
--email)
EMAIL="$2"
shift 2
;;
--skip-ssl)
SKIP_SSL=true
shift
;;
--help)
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " --with-monitoring Install Prometheus, Grafana, and AlertManager"
echo " --skip-build Skip building the application (use existing binary)"
echo " --domain DOMAIN Domain name for SSL certificate (e.g., gateway.example.com)"
echo " --email EMAIL Email for Let's Encrypt certificate notifications"
echo " --skip-ssl Skip SSL/HTTPS setup (HTTP only)"
echo " --help Show this help message"
echo ""
echo "Example:"
echo " $0 --domain gateway.example.com --email admin@example.com"
exit 0
;;
*)
echo "Unknown option: $1"
echo "Use --help for usage information"
exit 1
;;
esac
done
echo "Configuration:"
echo " Monitoring: $ENABLE_MONITORING"
echo " Skip build: $SKIP_BUILD"
echo " Domain: ${DOMAIN:-'Not set (HTTP only)'}"
echo " Email: ${EMAIL:-'Not set'}"
echo " Skip SSL: $SKIP_SSL"
echo ""
cd "$PROJECT_ROOT"
# Step 1: Install system dependencies
echo "📦 Installing system dependencies..."
apt-get update
apt-get install -y \
golang-go \
git \
sqlite3 \
redis-server \
nginx \
certbot \
python3-certbot-nginx \
logrotate \
curl \
jq \
bc \
htop \
tree \
unzip \
wget \
ffmpeg
# Verify Go installation
if ! command -v go &> /dev/null; then
echo "❌ Go installation failed"
exit 1
fi
GO_VERSION=$(go version | grep -o 'go[0-9.]*' | head -1)
echo "✅ Go $GO_VERSION installed"
# Step 2: Build application
if [ "$SKIP_BUILD" = false ]; then
echo "🔨 Building Torrent Gateway..."
# Install Go dependencies
go mod download
# Build binary
go build -o bin/gateway \
-ldflags "-X main.version=$(git describe --tags --always 2>/dev/null || echo 'dev') -X main.buildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ) -s -w" \
cmd/gateway/main.go
if [ ! -f "bin/gateway" ]; then
echo "❌ Build failed"
exit 1
fi
echo "✅ Application built successfully"
else
echo "⏭️ Skipping build (using existing binary)"
if [ ! -f "bin/gateway" ]; then
echo "❌ No existing binary found. Remove --skip-build or build first."
exit 1
fi
fi
# Step 3: Setup systemd service
echo "⚙️ Setting up systemd service..."
./scripts/setup_systemd.sh $([ "$ENABLE_MONITORING" = true ] && echo "--with-monitoring")
# Step 4: Configure Redis
echo "🔧 Optimizing Redis configuration..."
cat > /etc/redis/redis.local.conf << 'EOF'
# Torrent Gateway specific Redis config
maxmemory 512mb
maxmemory-policy allkeys-lru
save 900 1
save 300 10
save 60 10000
EOF
# Include local config in main Redis config
if ! grep -q "include /etc/redis/redis.local.conf" /etc/redis/redis.conf; then
echo "include /etc/redis/redis.local.conf" >> /etc/redis/redis.conf
fi
# Step 5: Setup monitoring (if requested)
if [ "$ENABLE_MONITORING" = true ]; then
echo "📊 Installing monitoring components..."
# Install Node Exporter for system metrics
NODE_EXPORTER_VERSION="1.7.0"
cd /tmp
wget "https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64.tar.gz"
tar -xzf "node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64.tar.gz"
mkdir -p /opt/node_exporter
cp "node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64/node_exporter" /opt/node_exporter/
# Create node_exporter systemd service
cat > /etc/systemd/system/node-exporter.service << 'EOF'
[Unit]
Description=Node Exporter
After=network.target
[Service]
Type=simple
User=prometheus
Group=prometheus
ExecStart=/opt/node_exporter/node_exporter
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable node-exporter
systemctl start node-exporter
echo "✅ Node Exporter installed and started"
fi
# Step 6: Configure nginx
echo "🌐 Configuring nginx..."
# Create nginx configuration
cat > /etc/nginx/sites-available/torrent-gateway << EOF
server {
listen 80;
server_name ${DOMAIN:-'_'};
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Main application proxy
location / {
proxy_pass http://127.0.0.1:9877;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts for large uploads
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# Health check endpoint
location /health {
access_log off;
proxy_pass http://127.0.0.1:9877/api/health;
}
# Increase client max body size for file uploads
client_max_body_size 10G;
client_body_timeout 300s;
client_header_timeout 300s;
# Enable gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
}
EOF
# Enable the site
ln -sf /etc/nginx/sites-available/torrent-gateway /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
# Test nginx configuration
nginx -t
if [ $? -ne 0 ]; then
echo "❌ Nginx configuration error"
exit 1
fi
echo "✅ Nginx configured"
# Step 7: Setup SSL with certbot (if domain provided)
if [ -n "$DOMAIN" ] && [ "$SKIP_SSL" = false ]; then
echo "🔐 Setting up SSL certificate for $DOMAIN..."
if [ -z "$EMAIL" ]; then
echo "❌ Email is required for SSL certificate"
echo "Please provide --email argument or use --skip-ssl"
exit 1
fi
# Start nginx to respond to HTTP challenges
systemctl start nginx
# Get SSL certificate
certbot --nginx --non-interactive --agree-tos --email "$EMAIL" -d "$DOMAIN"
if [ $? -eq 0 ]; then
echo "✅ SSL certificate obtained successfully"
# Setup auto-renewal
(crontab -l 2>/dev/null; echo "0 12 * * * /usr/bin/certbot renew --quiet") | crontab -
echo "✅ SSL auto-renewal configured"
else
echo "⚠️ SSL certificate setup failed. Continuing with HTTP only."
echo "You may need to:"
echo " 1. Ensure $DOMAIN points to this server's IP"
echo " 2. Check firewall allows ports 80/443"
echo " 3. Run: sudo certbot --nginx -d $DOMAIN"
fi
else
if [ -n "$DOMAIN" ]; then
echo "⏭️ Skipping SSL setup (--skip-ssl specified)"
else
echo "⏭️ Skipping SSL setup (no domain provided)"
fi
fi
# Step 8: Configure firewall
echo "🔒 Configuring firewall..."
if command -v ufw &> /dev/null; then
# Allow SSH
ufw allow ssh
# Allow HTTP/HTTPS
ufw allow 80/tcp
ufw allow 443/tcp
# Allow monitoring ports (only from localhost)
if [ "$ENABLE_MONITORING" = true ]; then
ufw allow from 127.0.0.1 to any port 9090 # Prometheus
ufw allow from 127.0.0.1 to any port 3000 # Grafana
ufw allow from 127.0.0.1 to any port 9100 # Node Exporter
fi
# Enable firewall (only if not already enabled)
if ! ufw status | grep -q "Status: active"; then
echo "y" | ufw enable
fi
echo "✅ Firewall configured"
else
echo "⚠️ UFW not available, skipping firewall configuration"
fi
# Step 9: Create maintenance scripts
echo "🛠️ Creating maintenance scripts..."
# Create backup cron job
cat > /etc/cron.d/torrent-gateway << 'EOF'
# Torrent Gateway maintenance cron jobs
# Daily backup at 2 AM
0 2 * * * root /opt/torrent-gateway/scripts/backup.sh > /var/log/torrent-gateway-backup.log 2>&1
# Database maintenance at 3 AM
0 3 * * * root /opt/torrent-gateway/scripts/migrate.sh > /var/log/torrent-gateway-migrate.log 2>&1
# Health check every 5 minutes
*/5 * * * * root /opt/torrent-gateway/scripts/health_check.sh > /var/log/torrent-gateway-health.log 2>&1 || true
EOF
# Create log cleanup script
cat > /opt/torrent-gateway/scripts/cleanup.sh << 'EOF'
#!/bin/bash
# Cleanup Script
# Removes old logs and temporary files
set -e
INSTALL_DIR="/opt/torrent-gateway"
cd "$INSTALL_DIR"
echo "🧹 Cleaning up old files..."
# Remove old log files (older than 30 days)
find logs/ -name "*.log" -mtime +30 -delete 2>/dev/null || true
# Remove old backups (keep last 30)
cd backups/
ls -t gateway_backup_*.tar.gz 2>/dev/null | tail -n +31 | xargs rm -f || true
ls -t database_*.sql 2>/dev/null | tail -n +31 | xargs rm -f || true
# Clean up temporary chunk files
find data/chunks/ -name "*.tmp" -mtime +1 -delete 2>/dev/null || true
echo "✅ Cleanup completed"
EOF
chmod +x /opt/torrent-gateway/scripts/cleanup.sh
# Add weekly cleanup to cron
echo "0 4 * * 0 root /opt/torrent-gateway/scripts/cleanup.sh > /var/log/torrent-gateway-cleanup.log 2>&1" >> /etc/cron.d/torrent-gateway
# Step 10: Final service startup
echo "🚀 Starting all services..."
# Start dependencies first
systemctl start redis-server
systemctl start nginx
if [ "$ENABLE_MONITORING" = true ]; then
systemctl start prometheus
systemctl start grafana-server
fi
# Start main service
/opt/torrent-gateway/scripts/start.sh
# Wait for service to be ready
echo "⏳ Waiting for services to be ready..."
timeout 60 bash -c 'until curl -sf http://localhost:9877/api/health; do sleep 2; done'
# Test nginx proxy
echo "🧪 Testing nginx proxy..."
timeout 30 bash -c 'until curl -sf http://localhost/api/health; do sleep 2; done'
# Run health checks
echo "🏥 Running health checks..."
/opt/torrent-gateway/scripts/health_check.sh
if [ $? -eq 0 ]; then
echo ""
echo "🎉 Installation completed successfully!"
echo ""
echo "📊 Service Information:"
echo " Status: systemctl status torrent-gateway"
echo " Logs: journalctl -u torrent-gateway -f"
echo " Config: /opt/torrent-gateway/"
echo ""
echo "🌐 Access URLs:"
if [ -n "$DOMAIN" ] && [ "$SKIP_SSL" = false ]; then
echo " Gateway: https://$DOMAIN"
echo " API: https://$DOMAIN/api/"
echo " Admin Panel: https://$DOMAIN/admin"
elif [ -n "$DOMAIN" ]; then
echo " Gateway: http://$DOMAIN"
echo " API: http://$DOMAIN/api/"
echo " Admin Panel: http://$DOMAIN/admin"
else
echo " Gateway: http://localhost (or http://YOUR_SERVER_IP)"
echo " API: http://localhost/api/"
echo " Admin Panel: http://localhost/admin"
fi
if [ "$ENABLE_MONITORING" = true ]; then
echo " Prometheus: http://localhost:9090"
echo " Grafana: http://localhost:3000 (admin/admin)"
fi
echo ""
echo "🔧 Management Commands:"
echo " Start: sudo systemctl start torrent-gateway"
echo " Stop: sudo systemctl stop torrent-gateway"
echo " Restart: sudo systemctl restart torrent-gateway"
echo " Status: sudo systemctl status torrent-gateway"
echo " Nginx: sudo systemctl restart nginx"
echo ""
echo "💾 Backup & Restore:"
echo " Backup: sudo /opt/torrent-gateway/scripts/backup.sh"
echo " Restore: sudo /opt/torrent-gateway/scripts/restore.sh <timestamp>"
echo ""
echo "📝 Logs and Monitoring:"
echo " App logs: sudo journalctl -u torrent-gateway -f"
echo " Nginx logs: sudo tail -f /var/log/nginx/error.log"
echo " System logs: sudo tail -f /var/log/syslog"
echo " Health: sudo /opt/torrent-gateway/scripts/health_check.sh"
echo ""
if [ -n "$DOMAIN" ]; then
echo "🔐 SSL Certificate:"
echo " Status: sudo certbot certificates"
echo " Renew: sudo certbot renew"
echo " Test Renew: sudo certbot renew --dry-run"
echo ""
fi
echo "🛠️ Domain Setup Instructions:"
echo ""
echo " To use a custom domain, you need to:"
echo " 1. Point your domain's DNS A record to this server's IP"
echo " 2. Ensure ports 80 and 443 are open in your firewall"
echo " 3. Re-run install with: sudo $0 --domain yourdomain.com --email your@email.com"
echo ""
echo " Example DNS setup:"
echo " - Type: A"
echo " - Name: gateway (or @ for root domain)"
echo " - Value: $(curl -s https://api.ipify.org || echo 'YOUR_SERVER_IP')"
echo " - TTL: 300 (5 minutes)"
echo ""
echo " After DNS propagation (usually 5-60 minutes), SSL will be automatically configured."
else
echo "❌ Installation completed but health checks failed"
echo "Check logs: journalctl -u torrent-gateway"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink