- backup.sh: weekly cron collecting scripts, systemd, WG, OLS vhosts, cron, mysql creds - restore.sh: 8-phase interactive disaster recovery wizard - README.md: full rebuild guide, credentials, architecture notes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
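#!/usr/bin/env bash
# =============================================================================
# DO Server Restore — run on a fresh DigitalOcean Ubuntu 24.04 droplet
#
# Usage:
#   bash restore.sh
#
# Prerequisites:
#   - Fresh Ubuntu 24.04 droplet at 165.22.1.228
#   - Root SSH access
#   - Run this script BEFORE installing CyberPanel (network/SSH steps)
#     OR after CyberPanel install (full restore)
#
# Security note: the checkout this script runs from supplies root's
# authorized_keys, the WireGuard configs, the MySQL root client file, systemd
# units and root cron entries. Whoever can write to the repository therefore
# controls the restored host; keep it private and review it before a restore.
# =============================================================================

# Absolute directory that holds this script; every restore source path below is
# built from it. Stop if it cannot be resolved: with an empty REPO_DIR the later
# steps would look for "/ssh", "/mysql", ... at the filesystem root.
REPO_DIR="$(cd -- "$(dirname -- "$0")" && pwd)"
if [[ -z "$REPO_DIR" ]]; then
  printf 'Cannot determine the script directory from %s\n' "$0" >&2
  exit 1
fi

# ANSI colour sequences, stored as literal backslash escapes and expanded only
# when they are printed.
RED='\033[0;31m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
CYAN='\033[0;36m'
BOLD='\033[1m'
NC='\033[0m'
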
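# --- Output helpers ----------------------------------------------------------
# The colour variables (CYAN, BOLD, ...) hold backslash escapes and are expanded
# with %b. The message itself is printed with %s, so a backslash or '%' inside
# caller-supplied text (a path, a file name) is shown literally instead of
# being interpreted as an escape sequence.

# header TEXT... — blank line, then TEXT framed by two cyan rules.
header() {
  local rule='══════════════════════════════════════════════════'
  printf '\n%b%s%b\n' "$CYAN" "$rule" "$NC"
  printf '%b%b %s%b\n' "$CYAN" "$BOLD" "$*" "$NC"
  printf '%b%s%b\n' "$CYAN" "$rule" "$NC"
}

# success TEXT... — green check-mark line on stdout.
success() { printf '%b ✓ %s%b\n' "$GREEN" "$*" "$NC"; }

# warn TEXT... — yellow warning line on stdout.
warn() { printf '%b ⚠ %s%b\n' "$YELLOW" "$*" "$NC"; }

# info TEXT... — plain arrow-prefixed line on stdout.
info() { printf ' → %s\n' "$*"; }

# step TEXT... — blank line, then a bold step title.
step() { printf '\n%b %s%b\n' "$BOLD" "$*" "$NC"; }

# die TEXT... — red error line on stderr, then exit with status 1.
die() {
  printf '%b ✗ %s%b\n' "$RED" "$*" "$NC" >&2
  exit 1
}
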
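# confirm QUESTION
# Print QUESTION in yellow and ask "Apply? [Y/n]".
# Returns 0 for "y" / "yes" (any case) or an empty answer (the default is Yes),
# non-zero for anything else.
# If stdin is closed before an answer arrives the step is declined: every step
# guarded by this prompt changes the host as root, so end-of-input must never
# count as consent.
confirm() {
  local ans=""
  printf '\n%b %s%b\n' "$YELLOW" "$1" "$NC"
  if ! read -rp " Apply? [Y/n] " ans; then
    # read fails at EOF; an answer typed without a trailing newline is still in $ans
    [[ -n "$ans" ]] || return 1
  fi
  [[ "${ans:-Y}" =~ ^[Yy]([Ee][Ss])?$ ]]
}
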
# Everything below writes to /root, /etc and /usr/local, so refuse to start
# without root privileges.
if (( EUID != 0 )); then
  die "Must run as root"
fi

# ---------------------------------------------------------------------------
# Welcome
# ---------------------------------------------------------------------------
clear
printf '%b\n' "${CYAN}"
printf '%s\n' \
  '╔══════════════════════════════════════════════════════╗' \
  '║ DO SERVER RESTORE — orbis.orbishosting.com ║' \
  '║ 165.22.1.228 | Ubuntu 24.04 | CyberPanel ║' \
  '╚══════════════════════════════════════════════════════╝'
printf '%b\n' "${NC}"
printf ' Source : %s\n' "$REPO_DIR"
printf ' Date : %s\n' "$(date)"
printf '\n'
warn "This script restores a fresh Ubuntu 24.04 droplet to full production."
warn "It is interactive — confirm each step as you go."
printf '\n'

# Only the exact word "yes" starts the restore; any other answer ends the run
# with exit status 0.
read -rp " Type 'yes' to continue: " confirm_start
if [[ "$confirm_start" != "yes" ]]; then
  echo "Aborted."
  exit 0
fi

# Step names collected for the summary printed at the end of the run.
APPLIED=()
SKIPPED=()

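# ---------------------------------------------------------------------------
# PHASE 1: SSH & NETWORK
# ---------------------------------------------------------------------------
header "PHASE 1 — SSH & Network"

# 1.1 — Replace root's authorized_keys with the copy kept in the repo.
# When the repo has no ssh/authorized_keys the step is silently absent from the
# summary (neither applied nor skipped).
step "1.1 SSH authorized_keys"
if [[ -f "$REPO_DIR/ssh/authorized_keys" ]]; then
  if confirm "Restore SSH authorized_keys?"; then
    mkdir -p /root/.ssh && chmod 700 /root/.ssh
    # This overwrites the keys the droplet was created with. Keep a copy so the
    # previous key set can be put back if the restored list does not contain
    # the key of the current session.
    if [[ -f /root/.ssh/authorized_keys ]]; then
      cp -p -- /root/.ssh/authorized_keys /root/.ssh/authorized_keys.pre-restore
    fi
    # install(1) writes the file with its final mode in one step, so the key
    # list never exists with the looser mode of the file in the checkout.
    if install -m 600 -- "$REPO_DIR/ssh/authorized_keys" /root/.ssh/authorized_keys; then
      success "authorized_keys restored"
      APPLIED+=("ssh")
    else
      warn "authorized_keys could not be written"
      SKIPPED+=("ssh (failed)")
    fi
  else
    SKIPPED+=("ssh")
  fi
fi
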
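# 1.2 — Set the static hostname. The result of hostnamectl is checked so the
# summary does not list the step as applied when the call failed.
step "1.2 Hostname"
if confirm "Set hostname to 'orbis'?"; then
  if hostnamectl set-hostname orbis; then
    success "Hostname set"
    APPLIED+=("hostname")
  else
    warn "hostnamectl failed — hostname unchanged"
    SKIPPED+=("hostname (failed)")
  fi
else
  SKIPPED+=("hostname")
fi
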
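# 1.3 — Install WireGuard, copy the backed-up *.conf files and bring up wg0.
# The step is recorded as skipped when the repo has no wireguard/ directory,
# when the operator declines, or when no .conf file could be copied.
step "1.3 WireGuard VPN"
if [[ -d "$REPO_DIR/wireguard" ]] && confirm "Restore WireGuard configs and enable wg0?"; then
  # apt-get is the script-stable front end; a failed install is reported
  # instead of being hidden behind 2>/dev/null.
  apt-get install -y -q wireguard || warn "wireguard package install failed — retry: apt-get install wireguard"

  mkdir -p /etc/wireguard && chmod 700 /etc/wireguard
  wg_restored=0
  for wg_conf in "$REPO_DIR/wireguard/"*.conf; do
    [[ -f "$wg_conf" ]] || continue   # glob matched nothing
    # WireGuard configs normally carry the interface private key: write each
    # one with mode 600 from the start rather than tightening it after the copy.
    if install -m 600 -- "$wg_conf" /etc/wireguard/; then
      wg_restored=$((wg_restored + 1))
    else
      warn "Could not copy $(basename "$wg_conf")"
    fi
  done

  if (( wg_restored > 0 )); then
    systemctl enable wg-quick@wg0
    systemctl start wg-quick@wg0 2>/dev/null || warn "wg0 start failed — check /etc/wireguard/wg0.conf peers"
    success "WireGuard configs restored"
    APPLIED+=("wireguard")
  else
    warn "No WireGuard .conf files were restored from $REPO_DIR/wireguard"
    SKIPPED+=("wireguard (failed)")
  fi
else
  SKIPPED+=("wireguard")
fi
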
# ---------------------------------------------------------------------------
# PHASE 2: CyberPanel (manual step — cannot automate)
# ---------------------------------------------------------------------------
header "PHASE 2 — CyberPanel Install"

printf '\n'
warn "CyberPanel must be installed manually before continuing with web setup."
warn "Run these commands in a separate terminal, then come back here."
printf '\n'
info "Install CyberPanel (OpenLiteSpeed, PHP, MySQL, Postfix, PowerDNS):"
printf '\n'
# NOTE(review): the command shown to the operator runs a script fetched over
# the network directly in a root shell. Saving it to a file and reading it
# before running it gives the operator a chance to inspect what is executed.
printf '%b\n' " ${BOLD}sh <(curl https://cyberpanel.net/install.sh)${NC}"
printf '\n'

# Choices the operator has to make inside the CyberPanel installer.
for install_choice in \
  "During install, choose:" \
  " • OpenLiteSpeed (not LiteSpeed Enterprise)" \
  " • Install Full service (PowerDNS, Postfix, Pure-FTPd)" \
  " • Set admin password when prompted" \
  " • PHP versions to install: 8.1, 8.2, 8.3, 8.4, 8.5"
do
  info "$install_choice"
done
printf '\n'

# Block until the operator reports that the manual install has finished.
read -rp " Press ENTER once CyberPanel is fully installed... "

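# ---------------------------------------------------------------------------
# PHASE 3: MySQL
# ---------------------------------------------------------------------------
header "PHASE 3 — MySQL Credentials"

# 3.1 — Put the backed-up client option file in place as /root/.my.cnf.
# NOTE(review): the prompt describes this file as the MySQL root credentials,
# so the repository itself stores them; it needs the same protection as the
# database host.
step "3.1 MySQL root credentials"
if [[ -f "$REPO_DIR/mysql/my.cnf" ]]; then
  if confirm "Restore /root/.my.cnf (MySQL root credentials)?"; then
    # install(1) creates the file with mode 600 directly, so the credentials
    # never sit in /root with the mode of the file in the checkout.
    if install -m 600 -- "$REPO_DIR/mysql/my.cnf" /root/.my.cnf; then
      success "MySQL credentials restored"
      APPLIED+=("mysql-creds")
    else
      warn "/root/.my.cnf could not be written"
      SKIPPED+=("mysql-creds (failed)")
    fi
  else
    SKIPPED+=("mysql-creds")
  fi
fi
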
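# 3.2 — Print the manual database restore procedure. Nothing is changed here.
step "3.2 Restore databases"

# Names come from mysql/databases.txt, one per line; an absent file gives an
# empty list.
db_list=""
if [[ -r "$REPO_DIR/mysql/databases.txt" ]]; then
  db_list=$(tr '\n' ' ' < "$REPO_DIR/mysql/databases.txt")
fi
info "Databases to restore: $db_list"
echo ""
warn "Databases are restored from the JARVIS daily backup (not this repo)."
info "Latest backup is at: /var/backups/jarvis/ (if migrating from old server)"
info " OR download from the old server:"
info " scp root@165.22.1.228:/var/backups/jarvis/jarvis_backup_latest.tar.gz /tmp/"
echo ""
info "To restore manually after getting the backup file:"
info " tar -xzf jarvis_backup_*.tar.gz"
info " mysql -u root -p jarvis_db < sql/jarvis_db.sql"
info " mysql -u root -p toms_tjj_db < sql/toms_tjj_db.sql"
info " # (repeat for each database in sql/)"
echo ""

# Only the database → user mapping is printed. Passwords are deliberately not
# kept in this script: it lives in a git repository, and every clone, mirror
# and terminal scrollback would carry them. The passwords that earlier
# revisions of this file printed here remain in the repository history and
# should be rotated rather than reused.
info "DB users/passwords are in each site's gitignored config file:"
info " jarvis_db → jarvis_user / (see the site's gitignored config file)"
info " toms_tjj_db → toms_tjj_user / (see the site's gitignored config file)"
info " tomt_ttg_db → tomt_ttg_user / (see the site's gitignored config file)"
info " epic_epic_db → epic_epic_user / (see epictravelexpeditions api/config.php)"
info " epic_parkersling → epic_parkersling / (see the site's gitignored config file)"
info " parker_db → parker_user / (see parkerslingshotrentals db config)"
read -rp " Press ENTER to continue... "
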
# ---------------------------------------------------------------------------
# PHASE 4: Websites
# ---------------------------------------------------------------------------
header "PHASE 4 — Websites (GitHub → server)"

# 4.1 — Show the sites that have to exist in CyberPanel before code is pulled.
step "4.1 Create websites in CyberPanel"
warn "Each site must be created in CyberPanel before pulling code."
echo ""
info "Go to CyberPanel → Websites → Create Website for each:"
echo ""

# Two-column table: domain (left-aligned, 45 wide) and PHP version. The first
# two rows are the column titles and their underline.
while read -r site_domain site_php; do
  printf " %-45s %s\n" "$site_domain" "$site_php"
done <<'SITES'
Domain PHP
------ ---
jarvis.orbishosting.com 8.5
tomsjavajive.com 8.5
epictravelexpeditions.com 8.5
parkerslingshotrentals.com 8.5
orbishosting.com 8.5
orbis.orbishosting.com 8.5
tomtomgames.com 8.5
SITES

echo ""
read -rp " Press ENTER once all sites are created in CyberPanel... "

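# 4.2 — Clone each site repository and overlay it on the CyberPanel docroot.
step "4.2 Pull website code from GitHub"

# GitHub access token for the private site repositories. It is never stored in
# this file: it comes from the GITHUB_PAT environment variable or, if that is
# empty, from a hidden prompt once the operator has confirmed the step.
# The token that earlier revisions hard-coded on this line is exposed in the
# repository history and on every mirror; it has to be revoked in the GitHub
# account settings, removing it from the file is not enough.
PAT="${GITHUB_PAT:-}"

# Site domain → repository name under github.com/myronblair.
declare -A SITE_REPOS=(
  ["jarvis.orbishosting.com"]="jarvis"
  ["tomsjavajive.com"]="tomsjavajive"
  ["epictravelexpeditions.com"]="epictravelexpeditions"
  ["parkerslingshotrentals.com"]="parkerslingshotrentals"
  ["orbishosting.com"]="orbishosting"
  ["orbis.orbishosting.com"]="orbis-hosting-portal"
  ["tomtomgames.com"]="tomtomgames"
)

# clone_site_repo REPO DEST
# Quiet clone of github.com/myronblair/REPO into DEST; returns git's status.
# The token reaches git through an inline credential helper that reads it from
# the environment. With the token inside the clone URL it would show up in the
# process list, in git's error output, and in DEST/.git/config — and the
# parkerslingshot clone below keeps its .git directory under a site home.
clone_site_repo() {
  local repo=$1 dest=$2
  GITHUB_PAT="$PAT" GIT_TERMINAL_PROMPT=0 git \
    -c credential.helper= \
    -c credential.helper='!f() { echo "username=myronblair"; echo "password=${GITHUB_PAT}"; }; f' \
    clone -q "https://github.com/myronblair/${repo}.git" "$dest" 2>&1
}

if confirm "Pull all site repos from GitHub into /home/*/public_html/?"; then
  if [[ -z "$PAT" ]]; then
    read -rsp " GitHub token (input hidden): " PAT
    echo ""
  fi

  if [[ -z "$PAT" ]]; then
    warn "No GitHub token supplied — site repos not pulled"
    SKIPPED+=("websites")
  else
    for domain in "${!SITE_REPOS[@]}"; do
      repo="${SITE_REPOS[$domain]}"
      target="/home/$domain/public_html"
      if [[ ! -d "$target" ]]; then
        warn " $target doesn't exist — create the site in CyberPanel first"
        continue
      fi

      info "Cloning $repo → $target"
      # Clone into a scratch directory and copy everything except .git on top
      # of the docroot, so files CyberPanel created there are preserved and no
      # repository metadata ends up in the web root.
      if ! tmpdir=$(mktemp -d); then
        warn "mktemp failed — $domain not pulled"
        continue
      fi
      if clone_site_repo "$repo" "$tmpdir" &&
        rsync -a --exclude='.git' "$tmpdir/" "$target/"; then
        success "$domain pulled"
      else
        warn "$domain pull failed"
      fi
      rm -rf -- "$tmpdir"
    done

    # Parker Slingshot subfolder: cloned in place next to public_html.
    if [[ -d /home/epictravelexpeditions.com ]]; then
      info "Cloning parkerslingshot subfolder"
      if clone_site_repo parkerslingshot /home/epictravelexpeditions.com/parkerslingshot; then
        success "parkerslingshot cloned"
      else
        warn "parkerslingshot clone failed"
      fi
    fi
    APPLIED+=("websites")
  fi
else
  SKIPPED+=("websites")
fi
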
# 4.3 — Remind the operator which credential-bearing config files have to be
# recreated by hand; nothing is written by this step.
step "4.3 Restore gitignored config files"
warn "These files contain credentials and are NOT in GitHub."
warn "They must be manually recreated or copied from backup."
echo ""

for config_hint in \
  "Required config files:" \
  " /home/jarvis.orbishosting.com/api/config.php (all JARVIS credentials)" \
  " /home/tomsjavajive.com/config/database.php (TJJ database)" \
  " /home/epictravelexpeditions.com/api/config.php" \
  " /home/parkerslingshotrentals.com/admin/config.php (if separate)"
do
  info "$config_hint"
done
echo ""

info "Reference templates are in each repo's api/config.php.example or similar."
info "DB creds are documented above in step 3.2."
read -rp " Press ENTER once config files are restored... "

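# ---------------------------------------------------------------------------
# PHASE 5: Custom Scripts & Services
# ---------------------------------------------------------------------------
header "PHASE 5 — Custom Scripts, Systemd, Cron"

# 5.1 — Copy every regular file from scripts/ into /usr/local/bin.
# These files land on root's PATH, and the jarvis-* scripts are expected to be
# run from cron (see step 8.1), so the contents of scripts/ are trusted code.
step "5.1 Custom scripts to /usr/local/bin"
if [[ -d "$REPO_DIR/scripts" ]] && confirm "Restore custom scripts?"; then
  scripts_copied=0
  for script_src in "$REPO_DIR/scripts/"*; do
    [[ -f "$script_src" ]] || continue   # skips sub-directories and an unmatched glob
    if cp -- "$script_src" /usr/local/bin/; then
      scripts_copied=$((scripts_copied + 1))
    else
      warn "Could not copy $(basename "$script_src")"
    fi
  done

  # Best effort on purpose: not every name in this list has to exist, and
  # chmod reports an error for each one that does not.
  chmod +x /usr/local/bin/jarvis-*.sh /usr/local/bin/jarvis-*.py \
    /usr/local/bin/ttg-backup.sh /usr/local/bin/do-server-backup 2>/dev/null || true

  if (( scripts_copied > 0 )); then
    success "Scripts restored"
    APPLIED+=("scripts")
  else
    warn "No scripts were copied from $REPO_DIR/scripts"
    SKIPPED+=("scripts (failed)")
  fi
else
  SKIPPED+=("scripts")
fi
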
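# 5.2 — Copy each *.service file from systemd/ into /etc/systemd/system and
# enable it. A unit that cannot be copied or enabled is reported instead of
# being listed as "Enabled".
step "5.2 Systemd service units"
if [[ -d "$REPO_DIR/systemd" ]] && confirm "Restore and enable custom systemd units?"; then
  for unit in "$REPO_DIR/systemd/"*.service; do
    [[ -f "$unit" ]] || continue   # glob matched nothing
    bname=$(basename "$unit")
    if ! cp -- "$unit" /etc/systemd/system/; then
      warn " Could not copy: $bname"
      continue
    fi
    if systemctl enable "$bname" 2>/dev/null; then
      info " Enabled: $bname"
    else
      warn " Could not enable: $bname"
    fi
  done
  systemctl daemon-reload
  success "Systemd units restored and enabled"
  APPLIED+=("systemd")
  warn "jarvis-agent will fail until JARVIS DB is running — start it after DB restore"
else
  SKIPPED+=("systemd")
fi
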
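# 5.3 — Add the custom root cron entries to whatever crontab CyberPanel
# installed.
step "5.3 Root crontab (custom entries)"
if [[ -f "$REPO_DIR/cron/root_custom" ]] && confirm "Restore custom crontab entries?"; then
  CURRENT=$(crontab -l 2>/dev/null || true)
  CUSTOM=$(cat "$REPO_DIR/cron/root_custom")

  # Keep only the custom lines that are not in the current crontab, in their
  # original order. The whole table must not be sorted: variable lines such as
  # MAILTO= or PATH= apply to the entries that follow them, so reordering
  # changes what the jobs run with.
  NEW_ENTRIES=$(awk 'NR == FNR { seen[$0] = 1; next } !($0 in seen)' \
    <(printf '%s\n' "$CURRENT") <(printf '%s\n' "$CUSTOM"))

  if [[ -n "$NEW_ENTRIES" ]]; then
    {
      if [[ -n "$CURRENT" ]]; then
        printf '%s\n' "$CURRENT" ""
      fi
      printf '%s\n' "# --- Restored custom entries ---" "$NEW_ENTRIES"
    } | crontab -
    success "Custom crontab entries restored"
  else
    success "Custom crontab entries already present"
  fi
  info "Review with: crontab -l"
  APPLIED+=("crontab")
else
  SKIPPED+=("crontab")
fi
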
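# ---------------------------------------------------------------------------
# PHASE 6: OLS Vhost Configs
# ---------------------------------------------------------------------------
header "PHASE 6 — OpenLiteSpeed Vhost Configs"

if [[ -d "$REPO_DIR/ols-vhosts" ]]; then
  step "6.1 Restore OLS vhost config files"
  warn "CyberPanel manages these files — overwriting may cause conflicts."
  warn "Only do this if CyberPanel's auto-generated configs are wrong."
  echo ""
  info "Vhost configs backed up:"
  # List the backup entries, leaving out the httpd* and site-list* files.
  # A glob is used instead of parsing ls so unusual names are handled intact.
  for vhost_entry in "$REPO_DIR/ols-vhosts/"*; do
    [[ -e "$vhost_entry" ]] || continue
    vhost_entry_name=${vhost_entry##*/}
    case "$vhost_entry_name" in
      httpd* | site-list*) continue ;;
    esac
    printf ' %s\n' "$vhost_entry_name"
  done
  echo ""

  if confirm "Restore OLS vhost .conf files to /usr/local/lsws/conf/vhosts/?"; then
    for vdir in "$REPO_DIR/ols-vhosts/"*/; do
      [[ -d "$vdir" ]] || continue   # glob matched nothing
      vname=$(basename "$vdir")
      mkdir -p "/usr/local/lsws/conf/vhosts/$vname"
      # Best effort: a vhost directory without any .conf file is not an error.
      cp "$vdir"*.conf "/usr/local/lsws/conf/vhosts/$vname/" 2>/dev/null || true
      info " Restored: $vname"
    done

    # Report success only if OLS actually picked the files up.
    if systemctl reload lsws 2>/dev/null || systemctl restart lsws 2>/dev/null; then
      success "OLS vhost configs restored and OLS reloaded"
    else
      warn "OLS vhost configs copied, but lsws reload/restart failed — check: systemctl status lsws"
    fi
    APPLIED+=("ols-vhosts")
  else
    SKIPPED+=("ols-vhosts")
    info "Skipped — CyberPanel will auto-generate vhost configs when sites are created"
  fi
fi
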
# ---------------------------------------------------------------------------
# PHASE 7: SSL / HTTPS
# ---------------------------------------------------------------------------
header "PHASE 7 — SSL Certificates"

# Certificates are re-issued, not restored; this phase only prints how.
printf '\n'
for ssl_hint in \
  "SSL certs are NOT backed up here (they're in /etc/letsencrypt/)." \
  "Re-issue via CyberPanel → SSL → Issue SSL for each domain." \
  " OR run: certbot certonly --webroot -w /home/<domain>/public_html -d <domain>"
do
  info "$ssl_hint"
done
printf '\n'
info "After SSL is issued, each site's OLS vhost will auto-update."
read -rp " Press ENTER to continue... "

# ---------------------------------------------------------------------------
# PHASE 8: JARVIS-Specific
# ---------------------------------------------------------------------------
header "PHASE 8 — JARVIS Services"

# 8.1 and 8.2 are reminders only; the operator runs the printed commands.
step "8.1 JARVIS deploy + watchdog scripts"
for jarvis_hint in \
  "jarvis-deploy.sh and jarvis-watchdog.sh are already restored via Step 5.1" \
  "Verify cron entries are active: crontab -l | grep jarvis"
do
  info "$jarvis_hint"
done

step "8.2 JARVIS agent"
for jarvis_hint in \
  "Start JARVIS agent service:" \
  " systemctl start jarvis-agent" \
  " journalctl -u jarvis-agent -f"
do
  info "$jarvis_hint"
done

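# 8.3 — Install backup.sh as /usr/local/bin/do-server-backup and schedule it
# for Sundays at 04:00. Any existing crontab line mentioning do-server-backup
# is dropped first, so running the step again does not add a second entry.
step "8.3 Backup script"
info "Install this backup script as /usr/local/bin/do-server-backup:"
if confirm "Install do-server-backup cron (weekly Sunday 4am)?"; then
  # Schedule the job only if the script is really in place and executable.
  if cp -- "$REPO_DIR/backup.sh" /usr/local/bin/do-server-backup &&
    chmod +x /usr/local/bin/do-server-backup; then
    {
      crontab -l 2>/dev/null | grep -vF -- do-server-backup
      echo "0 4 * * 0 /usr/local/bin/do-server-backup >> /var/log/do-server-backup.log 2>&1"
    } | crontab -
    success "Backup cron installed"
    APPLIED+=("backup-cron")
  else
    warn "backup.sh could not be installed — cron entry not added"
    SKIPPED+=("backup-cron (failed)")
  fi
else
  SKIPPED+=("backup-cron")
fi
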
# ---------------------------------------------------------------------------
# Summary
# ---------------------------------------------------------------------------
header "Restore Complete"
echo ""

# Each list is printed only when it has at least one entry.
if (( ${#APPLIED[@]} > 0 )); then
  success "Applied: ${APPLIED[*]}"
fi
if (( ${#SKIPPED[@]} > 0 )); then
  warn "Skipped: ${SKIPPED[*]}"
fi
echo ""

# Manual checks for the operator once the restore has finished.
printf '%b\n' "${YELLOW} Final checklist:${NC}"
final_checks=(
  "Test https://jarvis.orbishosting.com"
  "Test https://tomsjavajive.com"
  "Check OLS status: systemctl status lsws"
  "Check MySQL: systemctl status mysql"
  "Check JARVIS agent: systemctl status jarvis-agent"
  "Verify webhook: curl -s https://jarvis.orbishosting.com/webhook.php"
  "Check WireGuard: wg show"
  "Confirm crons: crontab -l"
  "Point GitHub webhooks to new server IP (if IP changed)"
)
printf ' • %s\n' "${final_checks[@]}"
echo ""
printf '%s\n' \
  " CyberPanel admin: https://165.22.1.228:8090" \
  " JARVIS: https://jarvis.orbishosting.com"
echo ""