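#!/usr/bin/env bash
# scripts/install.sh
#
# Bootstraps the Nextcloud stack from the repository root:
#   1. verifies docker, a Compose front end and openssl are available,
#   2. creates a self-signed TLS certificate and DH parameters under nginx/ssl,
#   3. opens the HTTP/HTTPS ports in UFW when ufw is installed,
#   4. pulls and starts the containers with Docker Compose.
#
# Usage: scripts/install.sh   (takes no arguments; uses sudo for the ufw rules)
set -euo pipefail

REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SSL_DIR="${REPO_DIR}/nginx/ssl"
DOMAIN="nxt.bhatfamily.in"
readonly REPO_DIR SSL_DIR DOMAIN

# Print a message on stderr and abort the installation.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

echo "==> Ensuring required packages are installed (docker, docker-compose, ufw, openssl)..."
command -v docker >/dev/null 2>&1 \
  || die "Docker is not installed. Install Docker and rerun this script."

# `command -v docker compose` looks up two separate names and succeeds as soon
# as `docker` alone is found, so it cannot detect the Compose v2 plugin. Ask
# the plugin itself, then fall back to the standalone docker-compose binary.
if docker compose version >/dev/null 2>&1; then
  COMPOSE=(docker compose)
elif command -v docker-compose >/dev/null 2>&1; then
  COMPOSE=(docker-compose)
else
  die "docker compose / docker-compose is not installed. Install Docker Compose and rerun."
fi

# openssl is required for the certificate steps below; fail early with a clear
# message instead of a bare "command not found" halfway through.
command -v openssl >/dev/null 2>&1 \
  || die "openssl is not installed. Install OpenSSL and rerun this script."

# ufw is optional: without it the firewall step only prints a reminder.
if ! command -v ufw >/dev/null 2>&1; then
  echo "ufw not found. Installing ufw requires root and internet access." >&2
fi

mkdir -p "${SSL_DIR}"

echo "==> Generating self-signed TLS certificate for ${DOMAIN} (valid 365 days)..."
if [ ! -f "${SSL_DIR}/${DOMAIN}.crt" ] || [ ! -f "${SSL_DIR}/${DOMAIN}.key" ]; then
  # -nodes writes the private key unencrypted, so create it under a restrictive
  # umask: the key is never group/world-readable, even on OpenSSL builds that
  # honour the caller's umask for key files.
  # NOTE(review): assumes the nginx container reads the key as root or as the
  # owning UID; confirm against the compose file.
  # NOTE(review): the certificate carries only a CN. Current browsers and TLS
  # libraries validate hostnames against subjectAltName, so consider adding
  # -addext "subjectAltName=DNS:${DOMAIN}" (needs OpenSSL 1.1.1 or newer).
  (
    umask 077
    openssl req -x509 -nodes -newkey rsa:4096 \
      -keyout "${SSL_DIR}/${DOMAIN}.key" \
      -out "${SSL_DIR}/${DOMAIN}.crt" \
      -days 365 \
      -subj "/CN=${DOMAIN}"
  )
  # The certificate is public material; give it back ordinary read permissions.
  chmod 644 "${SSL_DIR}/${DOMAIN}.crt"
else
  echo "Certificate already exists, skipping generation."
fi

if [ ! -f "${SSL_DIR}/dhparam.pem" ]; then
  echo "==> Generating dhparam (this may take a while)..."
  openssl dhparam -out "${SSL_DIR}/dhparam.pem" 2048
fi

echo "==> Configuring UFW firewall rules (allow 8082/tcp and 8446/tcp)..."
if command -v ufw >/dev/null 2>&1; then
  # NOTE(review): Docker publishes container ports through its own iptables
  # rules, so published ports are typically reachable regardless of UFW. Do not
  # treat these rules as the only control on exposure; review the port
  # bindings in the compose file as well.
  sudo ufw allow 8082/tcp comment "Nextcloud HTTP"
  sudo ufw allow 8446/tcp comment "Nextcloud HTTPS"
else
  echo "ufw not installed; ensure ports 8082 and 8446 are open in your firewall/router."
fi

echo "==> Starting Nextcloud stack via Docker Compose..."
cd "${REPO_DIR}"
"${COMPOSE[@]}" pull
"${COMPOSE[@]}" up -d

echo "==> Nextcloud should now be reachable at:"
echo " http://${DOMAIN}:8082 (redirects to HTTPS)"
echo " https://${DOMAIN}:8446"
echo ""
# Two arguments reproduce the original two-line note byte for byte.
printf '%s\n' \
  "NOTE: Browser will warn about self-signed certificate. " \
  "Replace with a valid cert for production."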