diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index a6c4003..18cd383 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -81,29 +81,38 @@ sudo apt update && sudo apt upgrade -y # Install required packages sudo apt install -y python3 python3-pip python3-venv nginx certbot python3-certbot-nginx git -# Create a non-root user for the application (recommended) -sudo adduser --system --group --home /opt/faction-war factionwar +# Create a service user for the application (no password by default) +sudo adduser --disabled-password --gecos "" --home /opt/faction-war factionwar + +# Optional: Set a password if you need to log in as this user +# sudo passwd factionwar ``` ### 2. Clone and Setup Application ```bash -# Switch to the application user -sudo su - factionwar - -# Clone the repository (or upload files via SCP/SFTP) +# Create application directory +sudo mkdir -p /opt/faction-war cd /opt/faction-war -git clone app + +# Clone the repository +sudo git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git app + +# Set ownership to the service user +sudo chown -R factionwar:factionwar app + +# Work as the application user cd app +sudo -u factionwar python3 -m venv venv -# Create Python virtual environment -python3 -m venv venv -source venv/bin/activate - -# Install dependencies -pip install -r requirements.txt +# Install dependencies as the application user +sudo -u factionwar venv/bin/pip install -r requirements.txt ``` +**Note**: The `factionwar` user is created without a password. To work as this user: +- Use: `sudo -u factionwar bash` +- Or set a password: `sudo passwd factionwar` and then: `sudo su - factionwar` + ### 3. Configure Environment Variables ```bash @@ -557,37 +566,43 @@ pip install redis ```bash # 1. Server setup -sudo apt update && sudo apt install -y python3 python3-venv nginx certbot python3-certbot-nginx +sudo apt update && sudo apt install -y python3 python3-venv nginx certbot python3-certbot-nginx git -# 2. Clone and install -cd /opt && sudo mkdir faction-war && cd faction-war -git clone app && cd app -python3 -m venv venv && source venv/bin/activate -pip install -r requirements.txt +# 2. Create user and clone repository +sudo adduser --disabled-password --gecos "" --home /opt/faction-war factionwar +sudo mkdir -p /opt/faction-war +cd /opt/faction-war +sudo git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git app +sudo chown -R factionwar:factionwar app +cd app -# 3. Configure -cp .env.example .env -nano .env # Set your secrets and API keys +# 3. Install dependencies +sudo -u factionwar python3 -m venv venv +sudo -u factionwar venv/bin/pip install -r requirements.txt -# 4. Setup SSL +# 4. Configure +sudo -u factionwar cp .env.example .env +sudo -u factionwar nano .env # Set your secrets and API keys + +# 5. Setup SSL sudo certbot --nginx -d yourdomain.com -# 5. Configure Nginx (use config from above) +# 6. Configure Nginx (use config from above) sudo nano /etc/nginx/sites-available/faction-war sudo ln -s /etc/nginx/sites-available/faction-war /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx -# 6. Setup systemd service (use config from above) +# 7. Setup systemd service (use config from above) sudo nano /etc/systemd/system/faction-war.service sudo systemctl daemon-reload sudo systemctl enable faction-war sudo systemctl start faction-war -# 7. Configure firewall +# 8. Configure firewall sudo ufw allow ssh && sudo ufw allow 80/tcp && sudo ufw allow 443/tcp sudo ufw enable -# 8. Done! Visit https://yourdomain.com +# 9. Done! Visit https://yourdomain.com ``` --- diff --git a/setup_production.sh b/setup_production.sh index e9adc5b..8b094e9 100644 --- a/setup_production.sh +++ b/setup_production.sh @@ -1,6 +1,17 @@ #!/bin/bash # Production Setup Script for Faction War Dispatch Bot -# Run this script on your Linux server +# Run this script on your Linux server as root (sudo bash setup_production.sh) +# +# This script will: +# - Create a service user 'factionwar' (no password by default) +# - Clone the repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git +# - Install all dependencies +# - Configure Nginx with SSL +# - Set up systemd service +# - Configure firewall +# +# Note: To set a password for the factionwar user later (if needed for SSH): +# sudo passwd factionwar set -e # Exit on error @@ -37,23 +48,36 @@ apt install -y python3 python3-pip python3-venv nginx certbot python3-certbot-ng echo "" echo "Creating application user..." if ! id "factionwar" &>/dev/null; then - adduser --group --home /opt/faction-war factionwar + # Create user without password (non-interactive) + adduser --disabled-password --gecos "" --home /opt/faction-war factionwar + echo "Created user: factionwar" fi echo "" echo "Setting up application directory..." -mkdir -p /opt/faction-war -cd /opt/faction-war +mkdir -p /opt/faction-war/app +cd /opt/faction-war/app -# If app directory doesn't exist, clone or expect user to upload files -if [ ! -d "app" ]; then - echo "Please upload your application files to /opt/faction-war/app" - echo "Or clone from git repository" - exit 1 +# Clone repository if directory is empty +if [ -z "$(ls -A /opt/faction-war/app)" ]; then + echo "Cloning repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git" + git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git . + + if [ $? -ne 0 ]; then + echo "Failed to clone repository. Please check:" + echo " - Repository URL is correct" + echo " - You have access to the repository" + echo " - Network connection is working" + exit 1 + fi + + # Set ownership + chown -R factionwar:factionwar /opt/faction-war/app + echo "Repository cloned successfully" +else + echo "Application directory already exists, skipping clone" fi -cd app - echo "" echo "Setting up Python virtual environment..." if [ ! -d "venv" ]; then @@ -138,11 +162,17 @@ chmod +x /opt/faction-war/backup.sh echo "" echo "========================================" -echo "✅ Setup Complete!" +echo "Setup Complete!" echo "========================================" echo "" echo "Your application should now be running at: https://$DOMAIN" echo "" +echo "User Account Information:" +echo " - Service user: factionwar (no password by default)" +echo " - Work as this user: sudo -u factionwar bash" +echo " - Set password (if needed): sudo passwd factionwar" +echo " - Application directory: /opt/faction-war/app" +echo "" echo "Important next steps:" echo "1. Visit https://$DOMAIN and log in with your AUTH_PASSWORD" echo "2. Configure your API keys in the Settings page" @@ -152,7 +182,8 @@ echo "Useful commands:" echo " - Check status: sudo systemctl status faction-war" echo " - View logs: sudo journalctl -u faction-war -f" echo " - Restart: sudo systemctl restart faction-war" -echo " - Update code: cd /opt/faction-war/app && git pull && sudo systemctl restart faction-war" +echo " - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull && sudo systemctl restart faction-war" +echo " - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env" echo "" echo "Security reminders:" echo " - Keep your .env file secure (chmod 600)"