diff --git a/infra/.env.example b/infra/.env.example
new file mode 100644
index 0000000..fd0c922
--- /dev/null
+++ b/infra/.env.example
@@ -0,0 +1,7 @@
+# Copy to infra/.env and fill in before running ./start.sh
+
+# Your domain — subdomains will be: .yourdomain.com
+DOMAIN_SUFFIX=yourdomain.com
+
+# Email for Let's Encrypt registration (not public, just for cert renewal notices).
+ACME_EMAIL=you@yourdomain.com
diff --git a/infra/start.sh b/infra/start.sh
index 822e569..e020d54 100755
--- a/infra/start.sh
+++ b/infra/start.sh
@@ -1,7 +1,65 @@
 #!/usr/bin/env bash
 set -euo pipefail
-cd "$(dirname "$0")"
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+cd "$SCRIPT_DIR"
+# ── Load .env ──────────────────────────────────────────────────────────────────
+if [ -f .env ]; then
+ set -a; source .env; set +a
+fi
+
+DOMAIN_SUFFIX="${DOMAIN_SUFFIX:-}"
+ACME_EMAIL="${ACME_EMAIL:-}"
+
+# ── Validate ───────────────────────────────────────────────────────────────────
+if [ -z "$DOMAIN_SUFFIX" ] || [ "$DOMAIN_SUFFIX" = "localhost" ]; then
+ echo "ERROR: Set DOMAIN_SUFFIX to your real domain in infra/.env"
+ exit 1
+fi
+
+if [ -z "$ACME_EMAIL" ]; then
+ echo "ERROR: Set ACME_EMAIL in infra/.env (required for Let's Encrypt)"
+ exit 1
+fi
+
+# ── Generate production caddy.json ─────────────────────────────────────────────
+# Writes TLS-enabled config using Let's Encrypt (no Cloudflare required).
+# Caddy will use the HTTP-01 challenge (port 80) or TLS-ALPN-01 (port 443).
+cat > "$SCRIPT_DIR/../proxy/caddy.json" <
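Review bot: The header comments in infra/.env.example do not tell the operator that the copied file is executed, not just parsed: the start.sh hunk in this same commit loads it with `set -a; source .env; set +a`, so any statement or command substitution in infra/.env runs as the invoking user and every assignment is exported to child processes. I would add a line to the example such as `# Sourced by bash: plain KEY=value lines only; keep infra/.env writable by the deploy user alone`. The comment `subdomains will be: .yourdomain.com` also reads as if a leading placeholder is missing, though that may be an artefact of how this page was rendered. The start.sh hunk continues past the end of the visible page, so it is not reviewed here.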