diff --git a/.env b/.env new file mode 120000 index 0000000..de4ffb4 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +huly.conf \ No newline at end of file diff --git a/.gitignore b/.gitignore index e20f53b..34c6225 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ letsencrypt/ -nginx/docker-compose.yaml traefik/docker-compose.yaml -compose.yaml -nginx.conf \ No newline at end of file +nginx.conf +nginx.conf.bak +huly.conf +.huly.secret \ No newline at end of file diff --git a/nginx/huly.nginx b/.huly.nginx similarity index 83% rename from nginx/huly.nginx rename to .huly.nginx index 1c924dd..9aed695 100644 --- a/nginx/huly.nginx +++ b/.huly.nginx @@ -19,6 +19,19 @@ server { proxy_pass http://account:3000/; } + #location /_love { + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "upgrade"; + # rewrite ^/_love(/.*)$ $1 break; + # proxy_pass http://love:8096/; + #} + location /_collaborator { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/.template.huly.conf b/.template.huly.conf new file mode 100644 index 0000000..6dbb5c9 --- /dev/null +++ b/.template.huly.conf 
@@ -0,0 +1,26 @@
+HULY_VERSION=v0.6.295
+DOCKER_NAME=huly
+
+# The address of the host or server from which you will access your Huly instance.
+# This can be a domain name (e.g., huly.example.com) or an IP address (e.g., 192.168.1.1).
+HOST_ADDRESS=${HOST_ADDRESS}
+
+# Set this variable to 'true' to enable SSL (HTTPS/WSS).
+# Leave it empty to use non-SSL (HTTP/WS).
+SECURE=${SECURE}
+
+# Specify the IP address to bind to; leave blank to bind to all interfaces (0.0.0.0).
+# Do not use IP:PORT format in HTTP_BIND or HTTP_PORT.
+HTTP_PORT=${HTTP_PORT}
+HTTP_BIND=${HTTP_BIND}
+
+# Huly specific variables
+TITLE=${TITLE}
+DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE}
+LAST_NAME_FIRST=${LAST_NAME_FIRST}
+
+# The following configs are auto-generated by the setup script.
+# Please do not manually overwrite.
+
+# Run with --secret to regenerate.
+SECRET=${HULY_SECRET}
diff --git a/.template.nginx.conf b/.template.nginx.conf
new file mode 100644
index 0000000..4c37a07
--- /dev/null
+++ b/.template.nginx.conf
@@ -0,0 +1,14 @@
+server {
+ server_name ;
+ listen ;
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass ;
+ }
+}
diff --git a/README.md b/README.md
index fb6815f..280025c 100644
--- a/README.md
+++ b/README.md
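Review bot: `HULY_VERSION=v0.6.295` on the first line of .template.huly.conf is a literal, so envsubst copies it into huly.conf unchanged, while setup.sh in this same commit assigns `HULY_VERSION="v0.6.333"` without exporting it and then sources huly.conf over that value. As written, the compose file would presumably resolve `${HULY_VERSION}` to v0.6.295 rather than the version setup.sh names. Writing `HULY_VERSION=${HULY_VERSION}` and `DOCKER_NAME=${DOCKER_NAME}` here and exporting both in setup.sh would leave a single source of truth for the image tag. The values are also emitted unquoted while both scripts `source` the result, so a multi-word `TITLE` would be parsed as a command on the next run; quoting the values in the template avoids that.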
@@ -12,40 +12,42 @@ If you prefer Kubernetes deployment, there is a sample Kubernetes configuration First, let's install `nginx` and `docker` using the commands below if you have not already installed them on your machine. ```bash -$ sudo apt update -$ sudo apt install nginx -$ sudo snap install docker +sudo apt update +sudo apt install nginx +sudo snap install docker ``` ## Clone the `huly-selfhost` repository and configure `nginx` -Next, let's clone the `huly-selfhost` repository and configure the server address. _Please replace **x.y.z.w** with your server's IP address_. +Next, let's clone the `huly-selfhost` repository and configure Huly. ```bash -$ git clone https://github.com/hcengineering/huly-selfhost.git -$ cd huly-selfhost -$ ./setup.sh x.y.z.w # Replace x.y.z.w with your server's IP address -$ sudo ln -s $(pwd)/nginx.conf /etc/nginx/sites-enabled/ +git clone https://github.com/hcengineering/huly-selfhost.git +cd huly-selfhost +./setup.sh ``` +This will generate a [huly.conf](./huly.conf) file with your chosen values and create your nginx config. -## Now we're ready to run Huly +To add the generated configuration to your Nginx setup, run the following: +```bash +sudo ln -s $(pwd)/nginx.conf /etc/nginx/sites-enabled/huly.conf +``` +> [!NOTE] +> If you change `HOST_ADDRESS`, `SECURE`, `HTTP_PORT` or `HTTP_BIND` be sure to update your [nginx.conf](./nginx.conf) by running: +> ```bash +> ./nginx.sh +> ``` +>You can safely execute this script after adding your custom configurations like ssl. It will only overwrite the necessary settings. -Finally, let's restart `nginx` and run Huly with `docker compose`. +Finally, let's reload `nginx` and start Huly with `docker compose`. ```bash -$ sudo systemctl restart nginx -$ sudo docker compose up +sudo nginx -s reload +sudo docker compose up -d ``` Now, launch your web browser and enjoy Huly! 
-## Security - -When exposing your self-hosted Huly deployment to the internet, it's crucial to implement some security measures to protect your server and data. - -1. Do not expose MongoDB, MinIO, and Elastic services to the internet. Huly does not require them to be accessible from the internet. -2. It is highly recommended to change the default credentials. By default the services, mentioned above, require no authentication, or use default well-known credentials. - ## Generating Public and Private VAPID keys for front-end You'll need `Node.js` installed on your machine. Installing `npm` on Debian based distro: diff --git a/template.compose.yaml b/compose.yml similarity index 65% rename from template.compose.yaml rename to compose.yml index fcce927..91a06c7 100644 --- a/template.compose.yaml +++ b/compose.yml @@ -1,25 +1,29 @@ -version: "3" +name: ${DOCKER_NAME} services: + nginx: + image: "nginx:1.21.3" + ports: + - "${HTTP_BIND}:${HTTP_PORT}:80" + volumes: + - ./.huly.nginx:/etc/nginx/conf.d/default.conf + restart: unless-stopped + mongodb: image: "mongo:7-jammy" - container_name: mongodb environment: - PUID=1000 - PGID=1000 volumes: - db:/data/db - ports: - - 27017:27017 restart: unless-stopped + minio: image: "minio/minio" command: server /data --address ":9000" --console-address ":9001" - ports: - - 9000:9000 - - 9001:9001 volumes: - files:/data restart: unless-stopped + elastic: image: "elasticsearch:7.14.2" command: | @@ -27,8 +31,6 @@ services: /usr/local/bin/docker-entrypoint.sh eswrapper" volumes: - elastic:/usr/share/elasticsearch/data - ports: - - 9200:9200 environment: - ELASTICSEARCH_PORT_NUMBER=9200 - BITNAMI_DEBUG=true 
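Review bot: With `HTTP_BIND` left blank, the mapping `"${HTTP_BIND}:${HTTP_PORT}:80"` on the new nginx service publishes the plain-HTTP listener on all interfaces (the template comment says so), even when the host nginx is meant to terminate TLS and proxy to `${HTTP_BIND:-127.0.0.1}` as nginx.sh does. Defaulting the publish address to loopback, `- "${HTTP_BIND:-127.0.0.1}:${HTTP_PORT}:80"`, would match that proxy_pass default and keep the unencrypted port off external interfaces unless the operator opts in. The default `HTTP_PORT` of 80 also looks likely to collide with the host nginx `listen` on 80, which is worth confirming. Separately, `nginx:1.21.3` is an old pinned tag and `minio/minio` carries no tag at all; a comment recording the intended update policy would help.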
@@ -41,98 +43,104 @@ services: retries: 10 test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"' restart: unless-stopped + + rekoni: + image: hardcoreeng/rekoni-service:${HULY_VERSION} + environment: + - SECRET=${SECRET} + deploy: + resources: + limits: + memory: 500M + restart: unless-stopped + + transactor: + image: hardcoreeng/transactor:${HULY_VERSION} + environment: + - SERVER_PORT=3333 + - SERVER_SECRET=${SECRET} + - SERVER_CURSOR_MAXTIMEMS=30000 + - ELASTIC_URL=http://elastic:9200 + - ELASTIC_INDEX_NAME=huly_storage_index + - DB_URL=mongodb://mongodb:27017 + - MONGO_URL=mongodb://mongodb:27017 + - METRICS_CONSOLE=false + - METRICS_FILE=metrics.txt + - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin + - REKONI_URL=http://rekoni:4004 + - FRONT_URL=http://localhost:8087 + - ACCOUNTS_URL=http://account:3000 + - LAST_NAME_FIRST=${LAST_NAME_FIRST:-true} + - UPLOAD_URL=http${SECURE:+s}://${HOST_ADDRESS}/files + restart: unless-stopped + + collaborator: + image: hardcoreeng/collaborator:${HULY_VERSION} + environment: + - COLLABORATOR_PORT=3078 + - SECRET=${SECRET} + - ACCOUNTS_URL=http://account:3000 + - DB_URL=mongodb://mongodb:27017 + - MONGO_URL=mongodb://mongodb:27017 + - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin + restart: unless-stopped + account: image: hardcoreeng/account:${HULY_VERSION} - ports: - - 3000:3000 environment: - SERVER_PORT=3000 - - SERVER_SECRET=${HULY_SECRET} + - SERVER_SECRET=${SECRET} - DB_URL=mongodb://mongodb:27017 - - TRANSACTOR_URL=ws://transactor:3333;ws://${SERVER_ADDRESS}:3333 + - MONGO_URL=mongodb://mongodb:27017 + - TRANSACTOR_URL=ws://transactor:3333;ws${SECURE:+s}://${HOST_ADDRESS}/_transactor - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - FRONT_URL=http://front:8080 - MODEL_ENABLED=* - - ACCOUNTS_URL=http://${SERVER_ADDRESS}:3000 + - ACCOUNTS_URL=http://localhost:3000 - ACCOUNT_PORT=3000 restart: unless-stopped + workspace: image: 
hardcoreeng/workspace:${HULY_VERSION} environment: - - SERVER_SECRET=${HULY_SECRET} + - SERVER_SECRET=${SECRET} - DB_URL=mongodb://mongodb:27017 - MONGO_URL=mongodb://mongodb:27017 - - TRANSACTOR_URL=ws://transactor:3333;ws://${SERVER_ADDRESS}:3333 + - TRANSACTOR_URL=ws://transactor:3333;ws${SECURE:+s}://${HOST_ADDRESS}/_transactor - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - MODEL_ENABLED=* - ACCOUNTS_URL=http://account:3000 - NOTIFY_INBOX_ONLY=true restart: unless-stopped + + # THIS REQUIRES MANUAL SETUP + # https://docs.livekit.io/home/self-hosting/vm/ + #love: + # image: hardcoreeng/love:${HULY_VERSION} + # restart: unless-stopped front: image: hardcoreeng/front:${HULY_VERSION} - ports: - - 8087:8080 environment: - SERVER_PORT=8080 - - SERVER_SECRET=${HULY_SECRET} - - ACCOUNTS_URL=http://${SERVER_ADDRESS}:3000 - - REKONI_URL=http://${SERVER_ADDRESS}:4004 - - CALENDAR_URL=http://${SERVER_ADDRESS}:8095 - - GMAIL_URL=http://${SERVER_ADDRESS}:8088 - - TELEGRAM_URL=http://${SERVER_ADDRESS}:8086 + - SERVER_SECRET=${SECRET} + - LOVE_ENDPOINT=http${SECURE:+s}://${HOST_ADDRESS}/_love + - ACCOUNTS_URL=http${SECURE:+s}://${HOST_ADDRESS}/_accounts + - REKONI_URL=http${SECURE:+s}://${HOST_ADDRESS}/_rekoni + - CALENDAR_URL=http${SECURE:+s}://${HOST_ADDRESS}/_calendar + - GMAIL_URL=http${SECURE:+s}://${HOST_ADDRESS}/_gmail + - TELEGRAM_URL=http${SECURE:+s}://${HOST_ADDRESS}/_telegram - UPLOAD_URL=/files - ELASTIC_URL=http://elastic:9200 - - COLLABORATOR_URL=ws://${SERVER_ADDRESS}:3078 + - COLLABORATOR_URL=ws${SECURE:+s}://${HOST_ADDRESS}/_collaborator - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - - MONGO_URL=mongodb://mongodb:27017 - - TITLE=Huly Self Hosted - - DEFAULT_LANGUAGE=en - - LAST_NAME_FIRST=true - restart: unless-stopped - collaborator: - image: hardcoreeng/collaborator:${HULY_VERSION} - ports: - - 3078:3078 - environment: - - COLLABORATOR_PORT=3078 - - SECRET=${HULY_SECRET} - - ACCOUNTS_URL=http://account:3000 
- - MONGO_URL=mongodb://mongodb:27017 - - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - restart: unless-stopped - transactor: - image: hardcoreeng/transactor:${HULY_VERSION} - ports: - - 3333:3333 - environment: - - SERVER_PORT=3333 - - SERVER_SECRET=${HULY_SECRET} - - SERVER_CURSOR_MAXTIMEMS=30000 - - ELASTIC_URL=http://elastic:9200 - - ELASTIC_INDEX_NAME=huly_storage_index - DB_URL=mongodb://mongodb:27017 - MONGO_URL=mongodb://mongodb:27017 - - METRICS_CONSOLE=false - - METRICS_FILE=metrics.txt - - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - - REKONI_URL=http://rekoni:4004 - - FRONT_URL=http://${SERVER_ADDRESS}:8087 - - ACCOUNTS_URL=http://account:3000 - - LAST_NAME_FIRST=true - restart: unless-stopped - rekoni: - image: hardcoreeng/rekoni-service:${HULY_VERSION} - ports: - - 4004:4004 - environment: - - SECRET=${HULY_SECRET} - deploy: - resources: - limits: - memory: 500M + - TITLE=${TITLE:-Huly Self Host} + - DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE:-en} + - LAST_NAME_FIRST=${LAST_NAME_FIRST:-true} restart: unless-stopped + volumes: db: - files: elastic: - etcd: + files: \ No newline at end of file diff --git a/nginx.sh b/nginx.sh new file mode 100755 index 0000000..4c0ec0f --- /dev/null +++ b/nginx.sh 
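Review bot: Every `STORAGE_CONFIG` line on the new side of this hunk (transactor, collaborator, account, workspace, front) still embeds `accessKey=minioadmin&secretKey=minioadmin`, MinIO's well-known default, and the README hunk in this commit deletes the section that told operators to change default credentials. Dropping the published ports for mongodb, minio and elastic narrows exposure, but anything that reaches the compose network can still use those keys. I would generate a storage key pair in setup.sh next to `.huly.secret`, hand it to the minio service through `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`, and reference it here, e.g. `STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ACCESS_KEY}&secretKey=${MINIO_SECRET_KEY}` (variable names are placeholders). Restoring a short security note in the README would cover operators who keep the defaults.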
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+if [ -f "huly.conf" ]; then
+ source "huly.conf"
+fi
+
+# Check for --recreate flag
+RECREATE=false
+if [ "$1" == "--recreate" ]; then
+ RECREATE=true
+fi
+
+# Handle nginx.conf recreation or updating
+if [ "$RECREATE" == true ]; then
+ cp .template.nginx.conf nginx.conf
+ echo "nginx.conf has been recreated from the template."
+else
+ if [ ! -f "nginx.conf" ]; then
+ echo "nginx.conf not found, creating from template."
+ cp .template.nginx.conf nginx.conf
+ else
+ echo "nginx.conf already exists. Only updating server_name, listen, and proxy_pass."
+ echo "Run with --recreate to fully overwrite nginx.conf."
+ fi
+fi
+
+# Update server_name and proxy_pass using sed
+sed -i.bak "s|server_name .*;|server_name ${HOST_ADDRESS};|" ./nginx.conf
+sed -i.bak "s|proxy_pass .*;|proxy_pass http://${HTTP_BIND:-127.0.0.1}:${HTTP_PORT};|" ./nginx.conf
+
+# Update listen directive to either port 80 or 443, while preserving IP address
+if [[ -n "$SECURE" ]]; then
+ # Secure (use port 443 and add 'ssl')
+ sed -i.bak -E 's|(listen )(.*:)?([0-9]+)?;|\1443 ssl;|' ./nginx.conf
+ echo "Serving over SSL. Make sure to add your SSL certificates."
+else
+ # Non-secure (use port 80 and remove 'ssl')
+ sed -i.bak -E "s|(listen )(.*:)?[0-9]+ ssl;|\1\280;|" ./nginx.conf
+ sed -i.bak -E "s|(listen )(.*:)?([0-9]+)?;|\1\280;|" ./nginx.conf
+fi
+
+# Extract IP address for redirect configuration
+IP_ADDRESS=$(grep -oE 'listen \K[^:]+(?=:[0-9]+ ssl;)' nginx.conf)
+
+# Remove HTTP to HTTPS redirect server block if SSL is enabled
+if [[ -z "$SECURE" ]]; then
+ echo "Enabling SSL; removing HTTP to HTTPS redirect block..."
+ # Remove the entire server block for port 80
+ if grep -q 'return 301 https://\$host\$request_uri;' nginx.conf; then
+ sed -i.bak '/# !/,/!/d' nginx.conf
+ fi
+else
+ # Check if the HTTP to HTTPS redirect block already exists
+ if grep -q 'return 301 https://\$host\$request_uri;' nginx.conf; then
+ sed -i.bak '/# !/,/!/d' nginx.conf
+ fi
+
+ echo "Creating HTTP to HTTPS redirect..."
+ echo -e "# ! DO NOT REMOVE COMMENT
+# DO NOT MODIFY, CHANGES WILL BE OVERWRITTEN
+server {
+ listen ${IP_ADDRESS:+${IP_ADDRESS}:}80;
+ server_name ${HOST_ADDRESS};
+ return 301 https://\$host\$request_uri;
+}
+# DO NOT REMOVE COMMENT !" >> ./nginx.conf
+fi
+
+read -p "Do you want to run 'nginx -s reload' now to load your updated Huly config? (Y/n): " RUN_NGINX
+case "${RUN_NGINX:-Y}" in
+ [Yy]* )
+ echo -e "\033[1;32mRunning 'nginx -s reload' now...\033[0m"
+ sudo nginx -s reload
+ ;;
+ [Nn]* )
+ echo "You can run 'nginx -s reload' later to load your updated Huly config."
+ ;;
+esac
\ No newline at end of file
diff --git a/nginx/setup.sh b/nginx/setup.sh
deleted file mode 100755
index 33de132..0000000
--- a/nginx/setup.sh
+++ /dev/null
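Review bot: `IP_ADDRESS=$(grep -oE 'listen \K[^:]+(?=:[0-9]+ ssl;)' nginx.conf)` relies on `\K` and a lookahead, which are Perl-regex constructs that `grep -E` does not implement, so `IP_ADDRESS` will presumably always be empty and the generated redirect block listens on every interface; `grep -oP` (GNU grep) or a `sed -n` capture would do what the comment describes. The SSL branch has a related gap: its replacement `\1443 ssl;` omits `\2`, so the bind address the comment says is preserved gets dropped. `HOST_ADDRESS`, `HTTP_BIND` and `HTTP_PORT` are spliced into the sed replacements and the appended server block without validation, so a value containing `|`, `&` or `;` would corrupt nginx.conf; a guard such as `[[ "$HOST_ADDRESS" =~ ^[A-Za-z0-9.:-]+$ ]] || exit 1` before the first sed would catch that. The message `Enabling SSL; removing HTTP to HTTPS redirect block...` is printed in the `-z "$SECURE"` branch, i.e. when SSL is off, and should say so.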
@@ -1,47 +0,0 @@ -#!/usr/bin/env bash - -# Ask for the domain name -read -p "Enter the domain name: " DOMAIN_NAME -if [ -z "$DOMAIN_NAME" ]; then - echo "DOMAIN_NAME is required" - exit 1 -fi - -read -p "Enter the port you want nginx to expose: " NGINX_SERVICE_PORT -if [ -z "$NGINX_SERVICE_PORT" ]; then - echo "NGINX_SERVICE_PORT address is required" - exit 1 -fi - -read -p "Do you run behind SSL proxy (did you setup HTTPS)? (Y/n): " NGINX_BEHIND_SSL -case "$NGINX_BEHIND_SSL" in - [Yy]* ) - NGINX_WS_SCHEME="wss" - NGINX_HTTP_SCHEME="https" - ;; - [Nn]* ) - NGINX_WS_SCHEME="ws" - NGINX_HTTP_SCHEME="http" - ;; - * ) - echo "SSL selected" - NGINX_WS_SCHEME="wss" - NGINX_HTTP_SCHEME="https" - ;; -esac - - -export HULY_VERSION="v0.6.333" -export NGINX_SERVICE_PORT=$NGINX_SERVICE_PORT -export NGINX_HTTP_SCHEME=$NGINX_HTTP_SCHEME -export NGINX_WS_SCHEME=$NGINX_WS_SCHEME -export SERVER_ADDRESS="${DOMAIN_NAME}:${NGINX_SERVICE_PORT}" - -# $(openssl rand -hex 32) -export HULY_SECRET="secret" - -# replace the domain name and email address in the docker-compose file -envsubst < template-compose.yaml > docker-compose.yaml - -echo -e "\033[1;32mSetup is complete. Run 'docker compose up -d' to start the services.\033[0m" - diff --git a/nginx/template-compose.yaml b/nginx/template-compose.yaml deleted file mode 100644 index e310469..0000000 --- a/nginx/template-compose.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -services: - nginx: - image: "nginx:1.21.3" - ports: - - "${NGINX_SERVICE_PORT}:80" - volumes: - - ./huly.nginx:/etc/nginx/conf.d/default.conf - restart: unless-stopped - networks: - - internal-services - - nginx-public - - mongodb: - image: "mongo:7-jammy" - container_name: mongodb - environment: - - PUID=1000 - - PGID=1000 - volumes: - - db:/data/db - restart: unless-stopped - networks: - - internal-services - - elastic: - image: "elasticsearch:7.14.2" - command: | - /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment; - /usr/local/bin/docker-entrypoint.sh eswrapper" - volumes: - - elastic:/usr/share/elasticsearch/data - environment: - - ELASTICSEARCH_PORT_NUMBER=9200 - - BITNAMI_DEBUG=true - - discovery.type=single-node - - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - - http.cors.enabled=true - - http.cors.allow-origin=http://localhost:8082 - healthcheck: - interval: 20s - retries: 10 - test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"' - restart: unless-stopped - networks: - - internal-services - - minio: - image: "minio/minio" - command: server /data --address ":9000" --console-address ":9001" - volumes: - - files:/data - restart: unless-stopped - networks: - - internal-services - - rekoni: - image: hardcoreeng/rekoni-service:${HULY_VERSION} - environment: - - SECRET=${HULY_SECRET} - deploy: - resources: - limits: - memory: 500M - restart: unless-stopped - networks: - - internal-services - - nginx-public - - transactor: - image: hardcoreeng/transactor:${HULY_VERSION} - environment: - - SERVER_PORT=3333 - - SERVER_SECRET=${HULY_SECRET} - - SERVER_CURSOR_MAXTIMEMS=30000 - - ELASTIC_URL=http://elastic:9200 - - ELASTIC_INDEX_NAME=huly_storage_index - - DB_URL=mongodb://mongodb:27017 - - MONGO_URL=mongodb://mongodb:27017 - - METRICS_CONSOLE=false - - METRICS_FILE=metrics.txt - - 
STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - - REKONI_URL=http://rekoni:4004 - - FRONT_URL=http://localhost:8087 - - ACCOUNTS_URL=http://account:3000 - - LAST_NAME_FIRST=true - - UPLOAD_URL=${NGINX_HTTP_SCHEME}://${SERVER_ADDRESS}/files - restart: unless-stopped - networks: - - internal-services - - nginx-public - - - collaborator: - image: hardcoreeng/collaborator:${HULY_VERSION} - environment: - - COLLABORATOR_PORT=3078 - - SECRET=${HULY_SECRET} - - ACCOUNTS_URL=http://account:3000 - - MONGO_URL=mongodb://mongodb:27017 - - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - restart: unless-stopped - networks: - - internal-services - - nginx-public - - account: - image: hardcoreeng/account:${HULY_VERSION} - environment: - - SERVER_PORT=3000 - - SERVER_SECRET=${HULY_SECRET} - - DB_URL=mongodb://mongodb:27017 - - TRANSACTOR_URL=ws://transactor:3333;${NGINX_WS_SCHEME}://${SERVER_ADDRESS}/_transactor - - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - - FRONT_URL=http://front:8080 - - MODEL_ENABLED=* - - ACCOUNTS_URL=http://localhost:3000 - - ACCOUNT_PORT=3000 - restart: unless-stopped - networks: - - internal-services - - nginx-public - - workspace: - image: hardcoreeng/workspace:${HULY_VERSION} - environment: - - SERVER_SECRET=${HULY_SECRET} - - DB_URL=mongodb://mongodb:27017 - - MONGO_URL=mongodb://mongodb:27017 - - TRANSACTOR_URL=ws://transactor:3333;${NGINX_WS_SCHEME}://${SERVER_ADDRESS}/_transactor - - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - - MODEL_ENABLED=* - - ACCOUNTS_URL=http://account:3000 - - NOTIFY_INBOX_ONLY=true - restart: unless-stopped - networks: - - internal-services - - nginx-public - - front: - image: hardcoreeng/front:${HULY_VERSION} - environment: - - SERVER_PORT=8080 - - SERVER_SECRET=${HULY_SECRET} - - ACCOUNTS_URL=${NGINX_HTTP_SCHEME}://${SERVER_ADDRESS}/_accounts - - REKONI_URL=${NGINX_HTTP_SCHEME}://${SERVER_ADDRESS}/_rekoni - - 
CALENDAR_URL=${NGINX_HTTP_SCHEME}://${SERVER_ADDRESS}/_calendar - - GMAIL_URL=${NGINX_HTTP_SCHEME}://${SERVER_ADDRESS}/_gmail - - TELEGRAM_URL=${NGINX_HTTP_SCHEME}://${SERVER_ADDRESS}/_telegram - - UPLOAD_URL=/files - - ELASTIC_URL=http://elastic:9200 - - COLLABORATOR_URL=${NGINX_WS_SCHEME}://${SERVER_ADDRESS}/_collaborator - - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - - MONGO_URL=mongodb://mongodb:27017 - - TITLE=Huly Self Host - - DEFAULT_LANGUAGE=en - - LAST_NAME_FIRST=true - restart: unless-stopped - networks: - - internal-services - - nginx-public - -networks: - nginx-public: - name: nginx-public - internal-services: - name: internal-services - -volumes: - db: - elastic: - files: \ No newline at end of file diff --git a/setup.sh b/setup.sh index da7c18c..ab9b566 100755 --- a/setup.sh +++ b/setup.sh 
@@ -1,10 +1,113 @@ #!/usr/bin/env bash -export SERVER_ADDRESS="$1" -export HULY_SECRET="secret" +HULY_VERSION="v0.6.333" +DOCKER_NAME="huly" +CONFIG_FILE="huly.conf" -echo "Setting Huly Server Address: $SERVER_ADDRESS" -envsubst < template.conf > nginx.conf -envsubst < template.env > .env +if [ -f "$CONFIG_FILE" ]; then + source "$CONFIG_FILE" +fi -./use-version.sh v0.6.333 +while true; do + if [[ -n "$HOST_ADDRESS" ]]; then + prompt_type="current" + prompt_value="${HOST_ADDRESS}" + else + prompt_type="default" + prompt_value="localhost" + fi + read -p "Enter the host address (domain name or IP) [${prompt_type}: ${prompt_value}]: " input + _HOST_ADDRESS="${input:-${HOST_ADDRESS:-localhost}}" + break +done + +while true; do + if [[ -n "$HTTP_PORT" ]]; then + prompt_type="current" + prompt_value="${HTTP_PORT}" + else + prompt_type="default" + prompt_value="80" + fi + read -p "Enter the port for HTTP [${prompt_type}: ${prompt_value}]: " input + _HTTP_PORT="${input:-${HTTP_PORT:-80}}" + if [[ "$_HTTP_PORT" =~ ^[0-9]+$ && "$_HTTP_PORT" -ge 1 && "$_HTTP_PORT" -le 65535 ]]; then + break + else + echo "Invalid port. Please enter a number between 1 and 65535." + fi +done +echo $_HOST_ADDRESS $HOST_ADDRESS $_HTTP_PORT $HTTP_PORT +if [[ "$_HOST_ADDRESS" == "localhost" || "$_HOST_ADDRESS" == "127.0.0.1" || "$_HOST_ADDRESS" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}:?$ ]]; then + _HOST_ADDRESS="${_HOST_ADDRESS%:}:${_HTTP_PORT}" + SECURE="" +else + while true; do + if [[ -n "$SECURE" ]]; then + prompt_type="current" + prompt_value="Yes" + else + prompt_type="default" + prompt_value="No" + fi + read -p "Will you serve Huly over SSL? (y/n) [${prompt_type}: ${prompt_value}]: " input + case "${input}" in + [Yy]* ) + _SECURE="true"; break;; + [Nn]* ) + _SECURE=""; break;; + "" ) + _SECURE="${SECURE:+true}"; break;; + * ) + echo "Invalid input. Please enter Y or N.";; + esac + done +fi + +clear + +SECRET=false +if [ "$1" == "--secret" ]; then + SECRET=true +fi + +if [ ! 
-f .huly.secret ] || [ "$SECRET" == true ]; then + openssl rand -hex 32 > .huly.secret + echo "Secret generated and stored in .huly.secret" +else + echo -e "\033[33m.huly.secret already exists, not overwriting." + echo "Run this script with --secret to generate a new secret." +fi + +export HOST_ADDRESS=$_HOST_ADDRESS +export SECURE=$_SECURE +export HTTP_PORT=$_HTTP_PORT +export HTTP_BIND=$HTTP_BIND +export TITLE=${TITLE:-Huly} +export DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE:-en} +export LAST_NAME_FIRST=${LAST_NAME_FIRST:-true} +export HULY_SECRET=$(cat .huly.secret) + +envsubst < .template.huly.conf > $CONFIG_FILE + +echo -e "\n\033[1;34mConfiguration Summary:\033[0m" +echo -e "Host Address: \033[1;32m$_HOST_ADDRESS\033[0m" +echo -e "HTTP Port: \033[1;32m$_HTTP_PORT\033[0m" +if [[ -n "$SECURE" ]]; then + echo -e "SSL Enabled: \033[1;32mYes\033[0m" +else + echo -e "SSL Enabled: \033[1;31mNo\033[0m" +fi +read -p "Do you want to run 'docker compose up -d' now to start Huly? (Y/n): " RUN_DOCKER +case "${RUN_DOCKER:-Y}" in + [Yy]* ) + echo -e "\033[1;32mRunning 'docker compose up -d' now...\033[0m" + sudo docker compose up -d + ;; + [Nn]* ) + echo "You can run 'docker compose up -d' later to start Huly." + ;; +esac + +echo -e "\033[1;32mSetup is complete!\n Generating nginx.conf...\033[0m" +./nginx.sh \ No newline at end of file diff --git a/template.conf b/template.conf deleted file mode 100644 index a1a5fd6..0000000 --- a/template.conf +++ /dev/null @@ -1,11 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name ${SERVER_ADDRESS}; - - location / { - proxy_pass http://localhost:8087; - include proxy_params; - } -} diff --git a/template.env b/template.env deleted file mode 100644 index be9f094..0000000 --- a/template.env +++ /dev/null @@ -1 +0,0 @@ -SERVER_ADDRESS=${SERVER_ADDRESS} diff --git a/use-version.sh b/use-version.sh deleted file mode 100755 index 74b7157..0000000 --- a/use-version.sh +++ /dev/null 
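Review bot: `openssl rand -hex 32 > .huly.secret` is unchecked and the guard only tests `-f`, so if openssl is missing or fails the redirect still leaves an empty file, later runs skip regeneration, and `SECRET=` is written empty into huly.conf for every service. Testing `[ ! -s .huly.secret ]` and aborting on failure with `( umask 077; openssl rand -hex 32 > .huly.secret ) || exit 1` closes that and also stops the secret being created world-readable under a default umask; huly.conf receives the same secret through envsubst and wants `chmod 600 "$CONFIG_FILE"` as well. The line `echo $_HOST_ADDRESS $HOST_ADDRESS $_HTTP_PORT $HTTP_PORT` looks like leftover debugging and could be dropped. Because the port is appended to `_HOST_ADDRESS` for localhost/IP hosts and then saved, a re-run loads a `localhost:80`-style value that no longer matches the localhost/IP test and falls through to the SSL prompt, which is worth handling by stripping any `:port` suffix before the test.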
@@ -1,4 +0,0 @@ -#!/bin/sh -export HULY_VERSION="$1" -echo "Setting Huly Version: $HULY_VERSION" -envsubst < template.compose.yaml > compose.yaml