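#!/usr/bin/env bash
# scripts/install.sh
#
# Bootstrap installer for the Nextcloud stack defined in docker-compose.yml.
#
# Steps:
#   1. Check that docker, a compose implementation and openssl are available.
#   2. Create nginx/ssl and, if the certificate or key is missing, generate a
#      self-signed bootstrap certificate so nginx can start.
#   3. Generate dhparam.pem if it does not exist yet.
#   4. If ufw is installed, allow 8082/tcp and 8446/tcp (uses sudo).
#   5. Pull images and start the stack in the background.
#
# The bootstrap certificate is self-signed and CN-only (no subjectAltName), so
# clients will not trust it. It exists only so nginx can start; replace it via
# scripts/provision-production-tls.sh as printed at the end.
set -euo pipefail

REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SSL_DIR="${REPO_DIR}/nginx/ssl"
DOMAIN="nxt.bhatfamily.in"

# --- Prerequisite checks (diagnostics go to stderr) --------------------------

if ! command -v docker >/dev/null 2>&1; then
  echo "ERROR: Docker is not installed. Install Docker and rerun this script." >&2
  exit 1
fi

if ! docker compose version >/dev/null 2>&1 && ! command -v docker-compose >/dev/null 2>&1; then
  echo "ERROR: docker compose / docker-compose is not installed." >&2
  exit 1
fi

if ! command -v openssl >/dev/null 2>&1; then
  echo "ERROR: openssl is not installed." >&2
  exit 1
fi

if ! command -v ufw >/dev/null 2>&1; then
  echo "INFO: ufw not found. Ensure ports 8082 and 8446 are open in your firewall/router."
fi

# Run compose with the given arguments, preferring the "docker compose" plugin
# and falling back to the standalone docker-compose binary.
compose() {
  if docker compose version >/dev/null 2>&1; then
    docker compose "$@"
  else
    docker-compose "$@"
  fi
}

# --- TLS material -------------------------------------------------------------

mkdir -p "${SSL_DIR}"

echo "==> Ensuring TLS files exist for nginx startup..."
if [ ! -f "${SSL_DIR}/${DOMAIN}.crt" ] || [ ! -f "${SSL_DIR}/${DOMAIN}.key" ]; then
  # NOTE: if only one of the two files is missing, both are regenerated and the
  # surviving file is overwritten.
  echo "==> Generating bootstrap self-signed certificate for ${DOMAIN} (valid 365 days)..."
  # -nodes writes the private key unencrypted so nginx can load it unattended;
  # file permissions are therefore the only protection for the key at rest.
  openssl req -x509 -nodes -newkey rsa:4096 \
    -keyout "${SSL_DIR}/${DOMAIN}.key" \
    -out "${SSL_DIR}/${DOMAIN}.crt" \
    -days 365 \
    -subj "/CN=${DOMAIN}"
  # Some OpenSSL builds create the key with umask-derived permissions, which
  # can leave it readable by other local users. Restrict it to the owner.
  chmod 600 "${SSL_DIR}/${DOMAIN}.key"
else
  echo "==> Existing certificate/key found; skipping bootstrap certificate generation."
fi

if [ ! -f "${SSL_DIR}/dhparam.pem" ]; then
  echo "==> Generating dhparam (one-time, may take a while)..."
  openssl dhparam -out "${SSL_DIR}/dhparam.pem" 2048
fi

# --- Firewall -----------------------------------------------------------------

if command -v ufw >/dev/null 2>&1; then
  # These rules allow the ports from any source address. Under set -e a failed
  # sudo/ufw call aborts the script before the containers are started.
  # NOTE(review): Docker publishes container ports through its own iptables
  # rules, so on many hosts UFW is not what actually exposes or restricts these
  # ports; confirm the effective exposure against the compose port mappings.
  echo "==> Configuring UFW firewall rules (8082/tcp, 8446/tcp)..."
  sudo ufw allow 8082/tcp comment "Nextcloud HTTP"
  sudo ufw allow 8446/tcp comment "Nextcloud HTTPS"
fi

# --- Start the stack ----------------------------------------------------------

echo "==> Pulling and starting containers..."
compose -f "${REPO_DIR}/docker-compose.yml" pull
compose -f "${REPO_DIR}/docker-compose.yml" up -d

echo "==> Stack started"
echo " http://${DOMAIN}:8082 (redirects to HTTPS)"
echo " https://${DOMAIN}:8446"
echo
# NOTE(review): CF_DNS_API_TOKEN is a credential; when following the hint
# below, set it in a way that keeps the value out of shell history and logs.
echo "For production TLS with Let's Encrypt DNS-01 (Cloudflare):"
echo " 1) export CF_DNS_API_TOKEN="
echo " 2) export LETSENCRYPT_EMAIL="
echo " 3) ./scripts/provision-production-tls.sh"
echo " 4) docker compose restart web"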