#!/bin/bash

# UrbanGamers VPS Deployment Script
# Run this script on your VPS after uploading files via FileZilla

printf '%s\n' "🚀 Starting UrbanGamers deployment..."

# ANSI colour codes for the print_* helpers. They are stored as literal
# backslash sequences and only become escape characters when printed.
NC='\033[0m'          # reset / no colour
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'

# Function to print colored output
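# Print an informational message prefixed with a green [INFO] tag.
# Globals:   GREEN, NC (read) - colour codes stored as backslash escapes
# Arguments: $1 - message text, printed verbatim
# Outputs:   one line on stdout
print_status() {
    # %b expands the escapes in the colour variables only; %s keeps the
    # message literal, so backslashes in a path or in command output that ends
    # up in a message are not reinterpreted the way `echo -e` would.
    printf '%b[INFO]%b %s\n' "$GREEN" "$NC" "$1"
}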

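# Print a warning prefixed with a yellow [WARNING] tag.
# Globals:   YELLOW, NC (read) - colour codes stored as backslash escapes
# Arguments: $1 - message text, printed verbatim
# Outputs:   one line on stdout
print_warning() {
    # Only the colour variables go through %b; the message is passed via %s so
    # any backslashes it contains are printed as-is.
    printf '%b[WARNING]%b %s\n' "$YELLOW" "$NC" "$1"
}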

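# Print an error message prefixed with a red [ERROR] tag.
# Globals:   RED, NC (read) - colour codes stored as backslash escapes
# Arguments: $1 - message text, printed verbatim
# Outputs:   one line on stdout (same stream as the other print_* helpers)
print_error() {
    # Only the colour variables go through %b; the message is passed via %s so
    # any backslashes it contains are printed as-is.
    printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1"
}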

# Refuse to continue unless the effective user is root (EUID 0).
if (( EUID != 0 )); then
    print_error "Please run as root (use sudo)"
    exit 1
fi

# Deployment settings used by every later step
DOMAIN="urbangamers.es"
PROJECT_DIR="/var/www/urbangamers"

print_status "Setting up UrbanGamers deployment..."

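# Step 1: Install dependencies
# apt-get is used instead of apt because apt's command-line interface is meant
# for interactive use. Each command is checked so that a failed install stops
# the deployment instead of letting later steps run against missing tools.
# NOTE(review): mysql-server is installed here but nothing in this script
# configures or hardens it; confirm it is needed on this host and run
# mysql_secure_installation (or equivalent) before it holds real data.
print_status "Installing system dependencies..."
if ! apt-get update -y; then
    print_error "apt-get update failed"
    exit 1
fi
if ! apt-get install -y nodejs npm nginx mysql-server git curl; then
    print_error "Failed to install system dependencies"
    exit 1
fi

# Step 2: Install PM2
# NOTE(review): this installs whatever PM2 release is current on the registry,
# globally and as root; pin a reviewed version if reproducible deployments
# matter.
print_status "Installing PM2..."
if ! npm install -g pm2; then
    print_error "Failed to install PM2"
    exit 1
fi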

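# Step 3: Create project directory
# The path is quoted and the cd is checked: if it failed silently, the npm
# commands below would run as root in whatever directory the script was
# started from.
print_status "Creating project directory..."
if ! mkdir -p -- "$PROJECT_DIR" || ! cd -- "$PROJECT_DIR"; then
    print_error "Cannot enter project directory: $PROJECT_DIR"
    exit 1
fi

# Step 4: Install Node.js dependencies
# NOTE(review): this runs as root; depending on the npm version, dependency
# lifecycle scripts may execute with root privileges. Consider installing and
# building as an unprivileged user.
# NOTE(review): only production dependencies are installed; confirm that the
# build step below does not need anything from devDependencies.
print_status "Installing Node.js dependencies..."
if ! npm ci --only=production; then
    print_error "npm ci failed"
    exit 1
fi

# Step 5: Build the application
print_status "Building the application..."
if ! npm run build; then
    print_error "Application build failed"
    exit 1
fi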

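# Step 6: Set proper permissions
# NOTE(review): www-data ends up owning the application code, so any process
# running as www-data can modify it. Consider root-owned code with only the
# writable directories (logs, uploads) handed to the service account.
print_status "Setting file permissions..."
if ! chown -R www-data:www-data -- "$PROJECT_DIR"; then
    print_error "Failed to change ownership of $PROJECT_DIR"
    exit 1
fi
# Capital X grants execute/search only to directories and to files that are
# already executable, so regular files end up 644 instead of a blanket 755.
chmod -R u=rwX,go=rX -- "$PROJECT_DIR"

# The env file holds credentials: owner-only access. Warn instead of failing
# with a bare chmod error when it has not been uploaded yet.
env_file="$PROJECT_DIR/.env.local"
if [ -f "$env_file" ]; then
    chmod 600 -- "$env_file"
else
    print_warning "$env_file not found; create it and restrict it with chmod 600 before starting the app"
fi

# Step 7: Create logs directory
print_status "Creating logs directory..."
mkdir -p -- "$PROJECT_DIR/logs"
chown www-data:www-data -- "$PROJECT_DIR/logs"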

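# Step 8: Configure Nginx
# The HTTPS site references the Let's Encrypt certificate files, and nginx -t
# rejects a configuration whose certificate files are missing. When they are
# not present yet, a placeholder HTTP site is installed instead so that this
# script can continue and a certificate can be requested; it answers 503 and
# never serves the application over plain HTTP.
print_status "Configuring Nginx..."
NGINX_SITE="/etc/nginx/sites-available/$DOMAIN"
CERT_DIR="/etc/letsencrypt/live/$DOMAIN"

if [ -f "$CERT_DIR/fullchain.pem" ] && [ -f "$CERT_DIR/privkey.pem" ]; then
    # Notes on the generated configuration:
    # - ssl_ciphers lists suites for both ECDSA and RSA certificates; it only
    #   governs TLS 1.2, TLS 1.3 suites are negotiated separately.
    # - add_header is inherited from the server level only by locations that
    #   define no add_header of their own, so the static-assets location
    #   repeats the security headers next to its Cache-Control header.
    # - No root is configured for this server, so static assets are proxied to
    #   the app like every other request.
    #   NOTE(review): if the build output should be served from disk, add a
    #   root/alias for it instead.
    # - The deny rules come before the static-assets rule because nginx uses
    #   the first regex location that matches.
    # - NOTE(review): includeSubDomains + preload commits every subdomain of
    #   the domain to HTTPS; confirm that is intended.
    cat > "$NGINX_SITE" << EOF
# HTTP to HTTPS redirect
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    return 301 https://\$server_name\$request_uri;
}

# HTTPS configuration
server {
    listen 443 ssl http2;
    server_name $DOMAIN www.$DOMAIN;

    # SSL Configuration (update paths to your SSL certificates)
    ssl_certificate $CERT_DIR/fullchain.pem;
    ssl_certificate_key $CERT_DIR/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Security headers
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Proxy settings shared by every location that forwards to the app
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;

    # Security: Block access to sensitive files (listed first so they win
    # over the static-assets rule below)
    location ~ /\. {
        deny all;
    }

    location ~ \.(env|log|sql)$ {
        deny all;
    }

    # Static files caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|eot|svg)$ {
        proxy_pass http://localhost:3000;
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header X-Frame-Options "DENY" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    }

    # Main application
    location / {
        proxy_pass http://localhost:3000;
        proxy_cache_bypass \$http_upgrade;
        proxy_read_timeout 86400;
    }
}
EOF
else
    print_warning "No certificate found for $DOMAIN; installing an HTTP-only placeholder site."
    print_warning "Obtain the certificate, then re-run this script to install the HTTPS configuration."
    cat > "$NGINX_SITE" << EOF
# Placeholder site used until a TLS certificate exists for $DOMAIN.
# It deliberately serves no application content over plain HTTP.
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;

    location / {
        return 503;
    }
}
EOF
fi

# Enable the site
ln -sf "$NGINX_SITE" /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# Test Nginx configuration and only reload when it is valid
if nginx -t; then
    print_status "Nginx configuration is valid"
    systemctl reload nginx
else
    print_error "Nginx configuration is invalid"
    exit 1
fi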

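# Step 9: Configure firewall
# Rules are added before the firewall is switched on, so there is no window in
# which incoming traffic is denied and SSH is not yet allowed. If the SSH rule
# cannot be added (including when ufw is not installed), the firewall is left
# untouched rather than risking a lock-out.
# NOTE(review): "ssh" opens the default SSH port; if sshd listens on another
# port, allow that port here before enabling the firewall.
print_status "Configuring firewall..."
ufw default deny incoming
ufw default allow outgoing
if ! ufw allow ssh; then
    print_error "Could not add the SSH allow rule; firewall not enabled"
    exit 1
fi
if ! ufw allow 'Nginx Full'; then
    print_warning "Could not add the 'Nginx Full' rule; HTTP/HTTPS may be blocked"
fi
ufw --force enable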

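# Step 10: Start application with PM2
# ecosystem.config.js is given as a relative path, so enter the project
# directory explicitly instead of relying on an earlier cd having succeeded.
print_status "Starting application with PM2..."
if ! cd -- "$PROJECT_DIR"; then
    print_error "Cannot enter project directory: $PROJECT_DIR"
    exit 1
fi
# NOTE(review): this script runs as root, so PM2 and the application it starts
# run as root too unless ecosystem.config.js drops privileges. Confirm, and
# prefer running the app under an unprivileged account.
if ! pm2 start ecosystem.config.js --env production; then
    print_error "PM2 failed to start the application"
    exit 1
fi
pm2 save      # persist the process list so it can be restored
pm2 startup   # set up the boot-time service for PM2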

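# Step 11: Set up log rotation
# - su: the logs directory is owned by www-data, so rotation is performed as
#   that account rather than as root inside a directory root does not control.
# - create 640: rotated-in log files are not world-readable; application logs
#   can contain request data.
# NOTE(review): nothing tells the writer to reopen its files after rotation.
# If PM2 writes these logs, it may keep writing to the rotated file; consider
# copytruncate or a postrotate "pm2 reloadLogs".
print_status "Setting up log rotation..."
cat > /etc/logrotate.d/urbangamers << EOF
$PROJECT_DIR/logs/*.log {
    su www-data www-data
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 640 www-data www-data
}
EOF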

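# Step 12: Create SSL certificate (if not exists)
# Installs Certbot when no certificate directory exists for the domain and
# prints the command to request one. The certificate itself is not requested
# here. The instructions are shown only if Certbot was actually installed.
if [ ! -d "/etc/letsencrypt/live/$DOMAIN" ]; then
    print_warning "SSL certificate not found. Installing Certbot..."
    if apt-get install -y certbot python3-certbot-nginx; then
        print_warning "Please run the following command to get SSL certificate:"
        echo "certbot --nginx -d $DOMAIN -d www.$DOMAIN"
        echo ""
        print_warning "After getting SSL certificate, restart the application:"
        echo "pm2 restart urbangamers"
    else
        print_error "Certbot installation failed; install it manually before requesting a certificate"
    fi
else
    print_status "SSL certificate found"
fi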

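# Step 13: Final checks
# Each failed check is counted so the closing message and the exit status
# reflect the real outcome instead of always reporting success.
print_status "Performing final checks..."
failed_checks=0

# Check if PM2 is running
# NOTE(review): this only looks for the name in the PM2 process table; an app
# listed as stopped or errored still matches.
if pm2 list | grep -q "urbangamers"; then
    print_status "✅ Application is running with PM2"
else
    print_error "❌ Application is not running with PM2"
    failed_checks=$((failed_checks + 1))
fi

# Check if Nginx is running
if systemctl is-active --quiet nginx; then
    print_status "✅ Nginx is running"
else
    print_error "❌ Nginx is not running"
    failed_checks=$((failed_checks + 1))
fi

# Check if port 3000 is listening
# ss is preferred because netstat (net-tools) is not installed by this script
# and may be absent. The pattern requires whitespace after the port so that
# :30000 or :3000x do not count as a match.
if command -v ss >/dev/null 2>&1; then
    listeners=$(ss -tln 2>/dev/null)
else
    listeners=$(netstat -tln 2>/dev/null)
fi
if grep -Eq ':3000[[:space:]]' <<<"$listeners"; then
    print_status "✅ Application is listening on port 3000"
else
    print_error "❌ Application is not listening on port 3000"
    failed_checks=$((failed_checks + 1))
fi

if [ "$failed_checks" -eq 0 ]; then
    print_status "🎉 Deployment completed!"
else
    print_warning "Deployment finished with $failed_checks failed check(s); review the errors above"
fi
print_status "Your UrbanGamers website should be accessible at: https://$DOMAIN"
print_status ""
print_warning "Important next steps:"
echo "1. Update your .env.local file with actual credentials"
echo "2. Get SSL certificate: certbot --nginx -d $DOMAIN -d www.$DOMAIN"
echo "3. Import your database if you have existing data"
echo "4. Test all functionality"
echo ""
print_status "Useful commands:"
echo "- Check logs: pm2 logs urbangamers"
echo "- Restart app: pm2 restart urbangamers"
echo "- Check status: pm2 status"
echo "- Check Nginx: systemctl status nginx"
echo ""
if [ "$failed_checks" -eq 0 ]; then
    print_status "Deployment script completed successfully! 🚀"
else
    print_error "Deployment script finished with $failed_checks failed check(s)"
    exit 1
fi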

