From bd41e6bec464d44d05538554895bee64e9b5bd4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sedat=20=C3=96ZT=C3=9CRK?= <76204082+iamsedatozturk@users.noreply.github.com> Date: Thu, 8 May 2025 22:16:55 +0300 Subject: [PATCH] =?UTF-8?q?tek=20sunucuda=20=C3=A7al=C4=B1=C5=9Fabilecek?= =?UTF-8?q?=20=C5=9Fekilde?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- configs/deployment/Readme_Nginx.md | 11 ++ configs/deployment/Readme_Webmin.md | 44 +++++++ configs/deployment/configs/nginx-devops.conf | 71 ----------- configs/deployment/configs/nginx.conf | 110 ++++++++++++++++++ configs/deployment/configs/nginx.dev.conf | 49 -------- .../deployment/configs/nginx.production.conf | 49 -------- .../docker-compose-app.production.yml | 8 +- configs/deployment/docker-compose-app.yml | 52 ++++++--- .../docker-compose-devops-forgejo.yml | 26 ----- configs/deployment/docker-compose-devops.yml | 67 ++++++----- configs/deployment/scripts/2-data.sh | 4 + configs/deployment/scripts/3-devops.sh | 4 + .../deployment/scripts/{2-app.sh => 4-app.sh} | 0 .../scripts/{2-migrator.sh => 5-migrator.sh} | 0 deploy-dev.sh | 2 +- deploy-production.sh | 2 +- 16 files changed, 252 insertions(+), 247 deletions(-) create mode 100644 configs/deployment/Readme_Nginx.md create mode 100644 configs/deployment/Readme_Webmin.md delete mode 100644 configs/deployment/configs/nginx-devops.conf create mode 100644 configs/deployment/configs/nginx.conf delete mode 100644 configs/deployment/configs/nginx.dev.conf delete mode 100644 configs/deployment/configs/nginx.production.conf delete mode 100644 configs/deployment/docker-compose-devops-forgejo.yml create mode 100644 configs/deployment/scripts/2-data.sh create mode 100644 configs/deployment/scripts/3-devops.sh rename configs/deployment/scripts/{2-app.sh => 4-app.sh} (100%) rename configs/deployment/scripts/{2-migrator.sh => 5-migrator.sh} (100%) 
diff --git a/configs/deployment/Readme_Nginx.md b/configs/deployment/Readme_Nginx.md
new file mode 100644
index 00000000..86173e18
--- /dev/null
+++ b/configs/deployment/Readme_Nginx.md
@@ -0,0 +1,11 @@
+sudo apt update
+sudo apt install nginx -y
+sudo systemctl status nginx
+sudo rm /etc/nginx/sites-enabled/nginx.conf
+sudo cp ~/kurs-platform/configs/deployment/configs/nginx.conf /etc/nginx/sites-available/
+sudo ln -s /etc/nginx/sites-available/nginx.conf /etc/nginx/sites-enabled/
+sudo cp -r ./sozsoft.com /etc/ssl/sozsoft.com
+sudo systemctl restart nginx
+sudo nginx -t
+
+docker run --rm -v kurs-devops_n8n_data:/data alpine chown -R 1000:1000 /data
\ No newline at end of file
diff --git a/configs/deployment/Readme_Webmin.md b/configs/deployment/Readme_Webmin.md
new file mode 100644
index 00000000..431c083b
--- /dev/null
+++ b/configs/deployment/Readme_Webmin.md
@@ -0,0 +1,44 @@
+# Webmin Kurulumu
+
+sudo apt update && sudo apt upgrade -y
+
+sudo apt install software-properties-common apt-transport-https wget -y
+wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
+sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"
+
+sudo apt update
+sudo apt install webmin -y
+
+sudo ufw allow 22
+sudo ufw allow 25
+sudo ufw allow 143
+sudo ufw allow 587
+sudo ufw allow 993
+sudo ufw allow 10000
+sudo ufw allow 222 # Forgejo SSH
+sudo ufw allow 3000 # Forgejo Web Arayüzü
+sudo ufw allow 3001 # Rocket.Chat
+sudo ufw allow 27017 # MongoDB (gerekirse dış erişim)
+sudo ufw allow 5678 # n8n
+sudo ufw allow 6379 # Redis (gerekliyse dış erişim)
+sudo ufw allow 5432 # PostgreSQL (gerekliyse dış erişim)
+sudo ufw allow 8080 # API (backend)
+sudo ufw allow 3002 # UI (frontend)
+sudo ufw allow 8081 # CDN
+sudo ufw allow 80 # HTTP
+sudo ufw allow 443 # HTTPS
+sudo ufw enable
+
+kullanıcı adı:ssh kullanıcısı
+parola: ssh parolası
+ssl kurulumu yapılacak
+
+# Postfix & Dovecot Kurulumu
+sudo apt update
+sudo apt install postfix dovecot-core dovecot-imapd dovecot-pop3d -y
+
+Mail server configuration type: Internet Site
+System mail name: örneğin mail.sozsoft.com
+
+sudo systemctl restart postfix
+sudo systemctl restart dovecot
diff --git a/configs/deployment/configs/nginx-devops.conf b/configs/deployment/configs/nginx-devops.conf
deleted file mode 100644
index 7b0e7e1d..00000000
--- a/configs/deployment/configs/nginx-devops.conf
+++ /dev/null
@@ -1,71 +0,0 @@
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name devops.sozsoft.com;
-
- ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
- ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
-
- location / {
- proxy_pass http://forgejo:3000;
- proxy_set_header Connection $http_connection;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- client_max_body_size 512M;
- }
-}
-
-server {
- listen 443 ssl;
- server_name chat.sozsoft.com;
-
- ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
- ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
-
- location / {
- proxy_pass http://rocket_chat;
- proxy_set_header Connection $http_connection;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- client_max_body_size 512M;
- }
-}
-
-server {
- listen 443 ssl;
- server_name ai.sozsoft.com;
-
- ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
- ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
-
- location / {
- proxy_pass http://n8n:5678;
- proxy_set_header Connection $http_connection;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
-
- client_max_body_size 512M;
- }
-}
\ No newline at end of file
diff --git a/configs/deployment/configs/nginx.conf b/configs/deployment/configs/nginx.conf
new file mode 100644
index 00000000..bb4f4698
--- /dev/null
+++ b/configs/deployment/configs/nginx.conf
@@ -0,0 +1,110 @@
+# HTTP'den HTTPS'e yönlendirme
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# devops.sozsoft.com - Forgejo
+server {
+ listen 443 ssl http2;
+ server_name devops.sozsoft.com;
+
+ ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
+ ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:3000;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ client_max_body_size 512M;
+ }
+}
+
+# chat.sozsoft.com - Rocket.Chat
+server {
+ listen 443 ssl;
+ server_name chat.sozsoft.com;
+
+ ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
+ ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:3001; # ← PORT bilgisi güncellendi
+ include /etc/nginx/proxy_params;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ client_max_body_size 512M;
+ }
+}
+
+# ai.sozsoft.com - n8n
+server {
+ listen 443 ssl;
+ server_name ai.sozsoft.com;
+
+ ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
+ ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:5678;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ client_max_body_size 512M;
+ }
+}
+
+# platform.sozsoft.com
+server {
+ listen 443 ssl http2;
+ server_name platform.sozsoft.com;
+
+ ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
+ ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
+
+ underscores_in_headers on;
+ ignore_invalid_headers off;
+ large_client_header_buffers 4 16k;
+
+ location / {
+ proxy_pass http://127.0.0.1:3002; # ← PORT belirtildi
+ include /etc/nginx/proxy_params;
+ }
+}
+
+# platform-api.sozsoft.com
+server {
+ listen 443 ssl;
+ server_name platform-api.sozsoft.com;
+
+ ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
+ ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8080/;
+ include /etc/nginx/proxy_params;
+ }
+}
+
+# platform-cdn.sozsoft.com
+server {
+ listen 443 ssl;
+ server_name platform-cdn.sozsoft.com;
+
+ ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
+ ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+ include /etc/nginx/proxy_params;
+ }
+}
diff --git a/configs/deployment/configs/nginx.dev.conf b/configs/deployment/configs/nginx.dev.conf
deleted file mode 100644
index a9cf3726..00000000
--- a/configs/deployment/configs/nginx.dev.conf
+++ /dev/null
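Review bot: None of the `listen 443` blocks is marked `default_server`, so a TLS request for any hostname not listed here is answered by the first 443 block in the file, the Forgejo proxy for devops.sozsoft.com. A catch-all 443 server that closes such connections keeps each backend reachable only under its own name; it has to carry the same certificate lines because the handshake completes before the host is matched. The port-80 block already has `server_name _` and `default_server`, so only the TLS side is missing.

```nginx
# Catch-all for hostnames on 443 that no other server block names
server {
    listen 443 ssl default_server;
    server_name _;

    ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
    ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;

    return 444;
}
```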
@@ -1,49 +0,0 @@
-server {
- listen 80;
- listen 443 ssl http2;
- server_name platform-dev.sozsoft.com;
- underscores_in_headers on;
- ignore_invalid_headers off;
-
- ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
- ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
-
- location / {
- proxy_pass http://ui;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
-server {
- listen 80;
- listen 443 ssl;
- server_name platform-dev-api.sozsoft.com;
-
- ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
- ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
-
- location / {
- proxy_pass http://api:8080/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
-server {
- listen 80;
- listen 443 ssl;
- server_name platform-dev-cdn.sozsoft.com;
-
- ssl_certificate /etc/ssl/sozsoft.com/cert1.pem;
- ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem;
-
- location / {
- proxy_pass http://cdn:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
diff --git a/configs/deployment/configs/nginx.production.conf b/configs/deployment/configs/nginx.production.conf
deleted file mode 100644
index d5245c5e..00000000
--- a/configs/deployment/configs/nginx.production.conf
+++ /dev/null
@@ -1,49 +0,0 @@ -server { - listen 80; - listen 443 ssl http2; - server_name platform.sozsoft.com; - underscores_in_headers on; - ignore_invalid_headers off; - - ssl_certificate /etc/ssl/sozsoft.com/cert1.pem; - ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem; - - location / { - proxy_pass http://ui; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} - -server { - listen 80; - listen 443 ssl; - server_name platform-api.sozsoft.com; - - ssl_certificate /etc/ssl/sozsoft.com/cert1.pem; - ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem; - - location / { - proxy_pass http://api:8080/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} - -server { - listen 80; - listen 443 ssl; - server_name platform-cdn.sozsoft.com; - - ssl_certificate /etc/ssl/sozsoft.com/cert1.pem; - ssl_certificate_key /etc/ssl/sozsoft.com/privkey1.pem; - - location / { - proxy_pass http://cdn:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} diff --git a/configs/deployment/docker-compose-app.production.yml b/configs/deployment/docker-compose-app.production.yml index 927d98bb..2db39316 100644 --- a/configs/deployment/docker-compose-app.production.yml +++ b/configs/deployment/docker-compose-app.production.yml @@ -16,7 +16,7 @@ services: restart: always cdn: restart: always - nginx: - restart: always - volumes: - - ./configs/nginx.production.conf:/etc/nginx/conf.d/default.conf + # nginx: + # restart: always + # volumes: + # - ./configs/nginx.production.conf:/etc/nginx/conf.d/default.conf diff --git a/configs/deployment/docker-compose-app.yml b/configs/deployment/docker-compose-app.yml index 1322da05..15a1ab1c 100644 --- a/configs/deployment/docker-compose-app.yml 
+++ b/configs/deployment/docker-compose-app.yml @@ -9,6 +9,8 @@ volumes: api-keys: services: + + # Veritabanı migrasyonları için geçici servis (kapsam dışı) migrator: image: devops.sozsoft.com/kurs/kurs-platform-migrator:latest profiles: ["migrator"] @@ -17,39 +19,61 @@ services: - SEED=${SEED} networks: - kurs-platform-data_db + + # Backend API api: image: devops.sozsoft.com/kurs/kurs-platform-api:latest + container_name: kurs-api profiles: ["app"] environment: - ASPNETCORE_ENVIRONMENT=Dev - networks: - - kurs-platform-data_db - - default + ports: + - 8080:8080 # ⚠️ NGINX için eklendi volumes: - cdn:/etc/api/cdn - api-keys:/root/.aspnet/DataProtection-Keys + networks: + - kurs-platform-data_db + - default + + # Frontend (UI) ui: image: devops.sozsoft.com/kurs/kurs-platform-ui:latest + container_name: kurs-ui profiles: ["app"] + ports: + - 3002:80 # ⚠️ UI uygulaması için dış port açıldı networks: - default + + # Statik dosya sunucusu (CDN) cdn: image: tozlu/http-server:latest + container_name: kurs-cdn profiles: ["app"] - networks: - - default working_dir: /srv/http-server volumes: - cdn:/public:ro command: "/public -c10 --cors" - nginx: - image: nginx:1.27-alpine - profiles: ["app"] + ports: + - 8081:8080 # Dış:İç (doğru port eşlemesi) networks: - default - ports: - - 80:80 - - 443:443 - volumes: - - ./configs/nginx.conf:/etc/nginx/conf.d/default.conf - - ~/sozsoft.com:/etc/ssl/sozsoft.com:ro + + # NGINX konteyneri (opsiyonel - eğer sistemde yoksa) + # nginx: + # image: nginx:1.27-alpine + # container_name: kurs-nginx + # profiles: ["app"] + # ports: + # - 80:80 + # - 443:443 + # volumes: + # - ./configs/nginx.conf:/etc/nginx/conf.d/default.conf + # - ~/sozsoft.com:/etc/ssl/sozsoft.com:ro + # networks: + # - default + # depends_on: + # - api + # - cdn + # - ui \ No newline at end of file diff --git a/configs/deployment/docker-compose-devops-forgejo.yml b/configs/deployment/docker-compose-devops-forgejo.yml deleted file mode 100644 index 2b0bc60a..00000000 
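Review bot: The new `ports:` entries for api, ui and cdn (`8080:8080`, `3002:80`, `8081:8080`) publish on every host interface, although the host nginx added in this commit only reaches them through `127.0.0.1`. Anyone who can reach the server can therefore talk to the API, UI and CDN over plain HTTP, past the TLS proxy; Docker's published ports are normally not filtered by ufw either. Binding to loopback keeps the proxy as the only entry point: `- 127.0.0.1:8080:8080`, `- 127.0.0.1:3002:80`, `- 127.0.0.1:8081:8080`. The same applies to the `3000:3000` and `3001:3001` mappings added in docker-compose-devops.yml.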
--- a/configs/deployment/docker-compose-devops-forgejo.yml +++ /dev/null @@ -1,26 +0,0 @@ -# DevOps Platform (Forgejo) -name: kurs-devops - -networks: - forgejo: - external: false - -services: - forgejo: - image: codeberg.org/forgejo/forgejo:9 - container_name: forgejo - environment: - - USER_UID=1000 - - USER_GID=1000 - restart: always - networks: - - forgejo - volumes: - - ./data:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - /etc/letsencrypt/archive/sozsoft.com:/etc/ssl:ro - ports: - - "80:80" - - "443:443" - - "222:22" diff --git a/configs/deployment/docker-compose-devops.yml b/configs/deployment/docker-compose-devops.yml index 6091ab04..0566faa8 100644 --- a/configs/deployment/docker-compose-devops.yml +++ b/configs/deployment/docker-compose-devops.yml 
@@ -15,54 +15,56 @@ volumes: n8n_data: services: - nginx: - image: nginx:1.27-alpine - networks: - - forgejo - - rocket - - n8n - ports: - - 80:80 - - 443:443 - volumes: - - ./configs/nginx-devops.conf:/etc/nginx/conf.d/default.conf - - ~/sozsoft.com:/etc/ssl/sozsoft.com:ro - depends_on: - - forgejo - - rocket_mongodb - - n8n + + # nginx: + # image: nginx:1.27-alpine + # container_name: nginx-devops + # restart: always + # ports: + # - 80:80 + # - 443:443 + # volumes: + # - ./configs/nginx-devops.conf:/etc/nginx/conf.d/default.conf + # - ~/sozsoft.com:/etc/ssl/sozsoft.com:ro + # networks: + # - forgejo + # - rocket + # - n8n + # depends_on: + # - forgejo + # - rocket_chat + # - n8n forgejo: image: codeberg.org/forgejo/forgejo:9 + container_name: forgejo + restart: always environment: - USER_UID=1000 - USER_GID=1000 - restart: always - networks: - - forgejo + ports: + - 222:22 + - 3000:3000 # ⚠️ Eklendi: HTTP arayüz için gerekli! volumes: - ~/forgejo/data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - /etc/letsencrypt/archive/sozsoft.com:/etc/ssl:ro - ports: - - 222:22 + networks: + - forgejo rocket_chat: image: registry.rocket.chat/rocketchat/rocket.chat:latest + container_name: rocketchat restart: always - labels: - traefik.enable: "true" - traefik.http.routers.rocketchat.rule: Host(`${DOMAIN:-}`) - traefik.http.routers.rocketchat.tls: "true" - traefik.http.routers.rocketchat.entrypoints: https - traefik.http.routers.rocketchat.tls.certresolver: le environment: MONGO_URL: "mongodb://bot:JT74Sb2Tb3@rocket_mongodb:27017/rocketchat?authSource=admin&replicaSet=rs0" MONGO_OPLOG_URL: "mongodb://bot:JT74Sb2Tb3@rocket_mongodb:27017/local?authSource=admin&replicaSet=rs0" ROOT_URL: https://chat.sozsoft.com - PORT: 80 + PORT: 3001 DEPLOY_METHOD: docker + ports: + - 3001:3001 # ⚠️ Düzeltildi depends_on: - rocket_mongodb networks: 
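Review bot: `MONGO_URL` and `MONGO_OPLOG_URL` in the rocket_chat service still carry the database user and password in clear text, and this commit keeps them in the tracked compose file; the `MONGODB_ROOT_PASSWORD` line in the rocket_mongodb hunk further down holds the same value. Compose can read them from an untracked `.env` file instead, for example `MONGO_URL: "mongodb://${MONGO_USER}:${MONGO_PASSWORD}@rocket_mongodb:27017/rocketchat?authSource=admin&replicaSet=rs0"` (variable names are placeholders). Because the value is already in the repository history, it should be rotated when it is moved out. The rocket_chat block continues past the end of this hunk.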
@@ -70,9 +72,8 @@ services: rocket_mongodb: image: docker.io/bitnami/mongodb:8.0 + container_name: rocket-mongo restart: always - volumes: - - rocket_mongodb_data:/bitnami/mongodb environment: MONGODB_REPLICA_SET_MODE: primary MONGODB_REPLICA_SET_NAME: rs0 @@ -85,6 +86,8 @@ services: MONGODB_ROOT_PASSWORD: JT74Sb2Tb3 ports: - 27017:27017 + volumes: + - rocket_mongodb_data:/bitnami/mongodb networks: - rocket @@ -92,6 +95,7 @@ services: build: context: . dockerfile: Dockerfile + container_name: n8n command: n8n ports: - 5678:5678 @@ -106,5 +110,4 @@ services: volumes: - n8n_data:/home/node/.n8n networks: - - n8n - \ No newline at end of file + - n8n \ No newline at end of file diff --git a/configs/deployment/scripts/2-data.sh b/configs/deployment/scripts/2-data.sh new file mode 100644 index 00000000..e8dafa05 --- /dev/null +++ b/configs/deployment/scripts/2-data.sh @@ -0,0 +1,4 @@ +cd ~/kurs-platform/configs/deployment + +docker compose -f docker-compose-data.yml down +docker compose -f docker-compose-data.yml up -d \ No newline at end of file diff --git a/configs/deployment/scripts/3-devops.sh b/configs/deployment/scripts/3-devops.sh new file mode 100644 index 00000000..fb888470 --- /dev/null +++ b/configs/deployment/scripts/3-devops.sh @@ -0,0 +1,4 @@ +cd ~/kurs-platform/configs/deployment + +docker compose -f docker-compose-devops.yml down +docker compose -f docker-compose-devops.yml up -d \ No newline at end of file diff --git a/configs/deployment/scripts/2-app.sh b/configs/deployment/scripts/4-app.sh similarity index 100% rename from configs/deployment/scripts/2-app.sh rename to configs/deployment/scripts/4-app.sh diff --git a/configs/deployment/scripts/2-migrator.sh b/configs/deployment/scripts/5-migrator.sh similarity index 100% rename from configs/deployment/scripts/2-migrator.sh rename to configs/deployment/scripts/5-migrator.sh diff --git a/deploy-dev.sh b/deploy-dev.sh index ef678ce4..06dc357d 100644 --- a/deploy-dev.sh +++ b/deploy-dev.sh 
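Review bot: The rocket_mongodb service keeps `ports: - 27017:27017` right above the `volumes:` lines moved in the `@@ -85,6 +86,8 @@` hunk, which publishes the replica-set primary on every host interface. rocket_chat addresses the database by service name (`rocket_mongodb:27017` in `MONGO_URL`), so nothing visible in this file needs the host mapping. Dropping it, or narrowing it to `- 127.0.0.1:27017:27017` if tools on the host need access, leaves the database reachable only from the containers. The service block starts above the hunk.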
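Review bot: 2-data.sh has no shebang and does not check the `cd`, so if `~/kurs-platform/configs/deployment` is missing, both `docker compose` commands still run from whatever directory the caller was in. Starting the script with `#!/usr/bin/env bash` and `set -euo pipefail`, or writing `cd ~/kurs-platform/configs/deployment || exit 1`, stops it at the first failure. The file is also added with mode 100644, so it has to be run through `bash` unless the executable bit is set. 3-devops.sh is added with the same structure and needs the same change.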
@@ -1 +1 @@
-~/kurs-platform/configs/deployment/scripts/2-app.sh dev
+~/kurs-platform/configs/deployment/scripts/4-app.sh dev
diff --git a/deploy-production.sh b/deploy-production.sh
index 12c56477..e022c599 100644
--- a/deploy-production.sh
+++ b/deploy-production.sh
@@ -1 +1 @@
-~/kurs-platform/configs/deployment/scripts/2-app.sh production
+~/kurs-platform/configs/deployment/scripts/4-app.sh production