#!/usr/bin/env bash
# Montana node bootstrap — добавляет ваш сервер как зеркало montana.quest:8442
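set -euo pipefail

# Source the mirror pulls site content and nginx config from; override via env.
readonly UPSTREAM="${MONTANA_UPSTREAM:-https://montana.quest}"
# TCP port the local mirror is exposed on (presumably what the downloaded
# nginx.conf listens on — TODO confirm against that file).
readonly PORT=8442
# Document root the static site archive is unpacked into.
readonly WEBROOT=/var/www/montana_quest
# Holds fullchain.pem / privkey.pem (files or symlinks into letsencrypt).
readonly CERTDIR=/etc/montana-site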

# ANSI escape sequences used by say()/warn() and the summary; c_ink resets.
c_gold=$'\033[33m'
c_red=$'\033[31m'
c_ink=$'\033[0m'
c_dim=$'\033[2m'
# Print one highlighted status line ($1) to stdout, wrapped in gold/reset codes.
say() {
  local msg=$1
  printf '%s\n' "${c_gold}${msg}${c_ink}"
}
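# Print one error line ($1) in red. Goes to stderr: the callers use it right
# before `exit 1`, and diagnostics must not mix with regular stdout output.
warn() {
  local msg=$1
  printf '%s\n' "${c_red}${msg}${c_ink}" >&2
}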

# Everything below writes under /etc and /var and calls apt-get, so refuse to
# start without root instead of failing halfway through.
if (( EUID != 0 )); then
  warn "Запустите через sudo:  curl -sL ${UPSTREAM}/install.sh | sudo bash"
  exit 1
fi

# Banner with the effective settings.
say "=== Montana node bootstrap ==="
say "Источник: $UPSTREAM"
say "Порт зеркала: :$PORT"

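# 1. nginx and the other tools this script relies on
# Check each tool separately: a host that already has nginx may still lack
# openssl (self-signed branch) or ufw, which a nginx-only check would miss.
missing=()
command -v nginx   >/dev/null 2>&1 || missing+=(nginx)
command -v openssl >/dev/null 2>&1 || missing+=(openssl)
command -v curl    >/dev/null 2>&1 || missing+=(curl)
command -v ufw     >/dev/null 2>&1 || missing+=(ufw)
if (( ${#missing[@]} > 0 )); then
  say "→ Установка: ${missing[*]}…"
  apt-get update -qq
  DEBIAN_FRONTEND=noninteractive apt-get install -y -qq "${missing[@]}" >/dev/null
fi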

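# 2. webroot
mkdir -p -- "$WEBROOT" "$CERTDIR"

# 3. static site
say "→ Скачивание сайта…"
TMP=$(mktemp -d)
# Remove the scratch dir on every exit path; under set -e a failing curl/tar
# would otherwise skip the rm below and leave it behind.
trap 'rm -rf -- "$TMP"' EXIT
# --fail: without it an HTTP error page is saved as site.tgz and handed to tar.
curl -fsSL "$UPSTREAM/.bootstrap/site.tgz" -o "$TMP/site.tgz"
# The archive is trusted purely on the TLS connection to UPSTREAM: there is no
# checksum or signature verification before it is unpacked into the webroot.
tar -xzf "$TMP/site.tgz" -C "$WEBROOT/"
chown -R www-data:www-data -- "$WEBROOT"
rm -rf -- "$TMP"
trap - EXIT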

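# 4. cert
if [[ -f "$CERTDIR/fullchain.pem" && -f "$CERTDIR/privkey.pem" ]]; then
  say "→ Cert уже есть, оставляем."
elif [[ -n "${LE_DOMAIN:-}" ]]; then
  # LE_DOMAIN is spliced into filesystem paths below; accept only a plain
  # hostname so a malformed value cannot point the symlinks somewhere else.
  if [[ ! "$LE_DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    warn "LE_DOMAIN не похож на доменное имя: $LE_DOMAIN"
    exit 1
  fi
  say "→ Let's Encrypt для $LE_DOMAIN…"
  apt-get install -y -qq certbot
  # Standalone challenge needs port 80, so nginx is stopped around the run.
  certbot certonly --standalone --non-interactive --agree-tos \
    --register-unsafely-without-email -d "$LE_DOMAIN" \
    --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
  ln -sf -- "/etc/letsencrypt/live/$LE_DOMAIN/fullchain.pem" "$CERTDIR/fullchain.pem"
  ln -sf -- "/etc/letsencrypt/live/$LE_DOMAIN/privkey.pem" "$CERTDIR/privkey.pem"
else
  say "→ Self-signed cert (валиден локально; для публичной валидности задайте LE_DOMAIN=ваш-домен)"
  # umask 077 in a subshell so the private key is never created readable by
  # others, regardless of the caller's umask; the chmod below then fixes modes.
  (
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
      -keyout "$CERTDIR/privkey.pem" -out "$CERTDIR/fullchain.pem" \
      -subj "/CN=montana.quest" >/dev/null 2>&1
  )
fi
# Set modes per file: a blanket `chmod 644 *.pem` followed by `chmod 600` on
# the key would leave the private key world-readable in between.
chmod 644 -- "$CERTDIR/fullchain.pem"
chmod 600 -- "$CERTDIR/privkey.pem"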

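# 5. nginx server-block
# --fail: an HTTP error page saved here would otherwise become the vhost
# config and only surface as an "nginx -t" failure in the next step.
curl -fsSL "$UPSTREAM/.bootstrap/nginx.conf" -o /etc/nginx/sites-available/montana-site
ln -sf /etc/nginx/sites-available/montana-site /etc/nginx/sites-enabled/montana-site
# Drop the distro default vhost so it cannot shadow the mirror.
if [[ -L /etc/nginx/sites-enabled/default ]]; then
  rm -- /etc/nginx/sites-enabled/default
fi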

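# 6. test + reload
# Run the config check once, keep its output, and show it on failure instead of
# invoking nginx -t a second time just to print it.
if ! nginx_check=$(nginx -t 2>&1); then
  warn "nginx -t fail:"
  printf '%s\n' "$nginx_check" >&2
  exit 1
fi
# Best-effort: fails harmlessly if the unit is already enabled/running; the
# reload below is the call whose failure should abort the script.
systemctl enable --now nginx >/dev/null 2>&1 || true
systemctl reload nginx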

# 7. ufw
# Open the mirror port when ufw is installed; the rule is best-effort and a
# failing `ufw allow` is deliberately ignored.
have_ufw=0
command -v ufw >/dev/null 2>&1 && have_ufw=1
if (( have_ufw )); then
  ufw allow "${PORT}/tcp" >/dev/null 2>&1 || true
fi

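# 8. summary
# The public IP is the body of a third-party HTTP response; accept it only if
# it looks like an IPv4/IPv6 literal before echoing it to the terminal, and
# fall back to a placeholder when the lookup fails or times out.
IP=$(curl -fs --max-time 5 https://ifconfig.me 2>/dev/null || true)
if [[ ! "$IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  IP='<your-ip>'
fi
echo
say "═══════════════════════════════════════════"
say "✓ Узел подключён к Montana как зеркало"
say "═══════════════════════════════════════════"
printf '%s\n' "  Локально:  ${c_dim}curl -k https://localhost:$PORT/${c_ink}"
printf '%s\n' "  Снаружи:   ${c_dim}curl -k --resolve montana.quest:$PORT:$IP https://montana.quest:$PORT/${c_ink}"
echo
say "Чтобы ваш узел увидела сеть Montana:"
printf '%s\n' "  1. Сообщите свой IP $IP админу montana.quest"
printf '%s\n' "  2. Cloudflare DNS добавит A-запись round-robin'ом"
echo
say "Команда обновления:"
printf '%s\n' "  ${c_dim}curl -sL $UPSTREAM/install.sh | sudo bash${c_ink}"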
