Initial commit: avc-phone-ai codebase + CLAUDE.md
43
deploy/setup-tls.sh
Executable file
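--- a/deploy/setup-tls.sh
+++ b/deploy/setup-tls.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# One-shot TLS + nginx reverse-proxy setup for the AVC phone agent.
+# RUN AS ROOT: sudo bash deploy/setup-tls.sh
+#
+# Prerequisites (must be true BEFORE running):
+# - DNS: voip.activeblue.net -> your WAN IP (done: 66.23.239.222)
+# - Router forwards external 80 AND 443 -> this box (10.10.1.221)
+# - nginx running with its default :80 site (used to answer the ACME challenge)
+#
+# What it does: installs certbot, gets a Let's Encrypt cert via the webroot challenge
+# (served by the existing default :80 site), installs the vhost + ws-upgrade map, then
+# tests and reloads nginx. Idempotent-ish; safe to re-run.
+set -euo pipefail
+
+DOMAIN="voip.activeblue.net"
+EMAIL="mr.garcia09@gmail.com"
+APP_DIR="/home/tocmo0nlord/avc-phone"
+WEBROOT="/var/www/html"
+
+if [ "$(id -u)" -ne 0 ]; then echo "Run as root (sudo)."; exit 1; fi
+
+echo "==> 1/4 install certbot"
+if ! command -v certbot >/dev/null 2>&1; then
+apt-get update && apt-get install -y certbot
+fi
+
+echo "==> 2/4 obtain certificate for $DOMAIN (webroot challenge)"
+mkdir -p "$WEBROOT/.well-known/acme-challenge"
+certbot certonly --webroot -w "$WEBROOT" -d "$DOMAIN" \
+--non-interactive --agree-tos -m "$EMAIL" --keep-until-expiring
+
+echo "==> 3/4 install nginx vhost + ws-upgrade map"
+cp "$APP_DIR/deploy/nginx-ws-upgrade.conf" /etc/nginx/conf.d/ws-upgrade.conf
+cp "$APP_DIR/deploy/nginx-voip.activeblue.net.conf" /etc/nginx/sites-available/voip.activeblue.net
+ln -sf /etc/nginx/sites-available/voip.activeblue.net /etc/nginx/sites-enabled/voip.activeblue.net
+
+echo "==> 4/4 test + reload nginx"
+nginx -t
+systemctl reload nginx
+
+echo
+echo "Done. Verify: curl https://$DOMAIN/health"
+echo "Cert auto-renews via the certbot systemd timer; nginx reload on renew is handled by certbot's deploy hook."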
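Review bot: The closing message says the nginx reload on renewal is handled by certbot's deploy hook, but nothing in this script installs one: the `certbot certonly --webroot` call passes no `--deploy-hook`, and `certonly` does not manage the web server itself. Unless a hook is configured elsewhere (not visible here), the timer will renew the files on disk while nginx keeps serving the old certificate until it expires. I would add `--deploy-hook "systemctl reload nginx"` to the certbot command, or have the script install an executable script under `/etc/letsencrypt/renewal-hooks/deploy/`. Separately, the script runs as root and copies nginx config out of `$APP_DIR` under a user's home directory, so that tree should be writable only by accounts already trusted with root; a comment next to `APP_DIR` stating this would help.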