From de6199bbf2cc97b2906013577a1a67804da093cb Mon Sep 17 00:00:00 2001
From: david_bai
Date: Sat, 28 Feb 2026 12:37:57 +0800
Subject: [PATCH] chore: remove bare-metal ops assets under backend/docker
---
backend/docker/Dockerfile | 53 -------
backend/docker/Nginx/configure.sh | 111 --------------
backend/docker/Nginx/default | 138 -----------------
backend/docker/Nginx/del_redundant_cfg.sh | 144 ------------------
backend/docker/Nginx/nginx.conf | 120 ---------------
backend/docker/Nginx/stop_clean-log.sh | 2 -
backend/docker/TURN/configure.sh | 119 ---------------
.../docker/TURN/turnserver_development.conf | 45 ------
.../docker/TURN/turnserver_production.conf | 45 ------
backend/docker/env_install.sh | 28 ----
10 files changed, 805 deletions(-)
delete mode 100644 backend/docker/Dockerfile
delete mode 100644 backend/docker/Nginx/configure.sh
delete mode 100644 backend/docker/Nginx/default
delete mode 100644 backend/docker/Nginx/del_redundant_cfg.sh
delete mode 100644 backend/docker/Nginx/nginx.conf
delete mode 100644 backend/docker/Nginx/stop_clean-log.sh
delete mode 100644 backend/docker/TURN/configure.sh
delete mode 100644 backend/docker/TURN/turnserver_development.conf
delete mode 100644 backend/docker/TURN/turnserver_production.conf
delete mode 100644 backend/docker/env_install.sh
diff --git a/backend/docker/Dockerfile b/backend/docker/Dockerfile
deleted file mode 100644
index 415d01b..0000000
--- a/backend/docker/Dockerfile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Use Ubuntu 20.04 image as base
-FROM ubuntu:20.04
-
-# Set environment variables to avoid interactive installation
-ENV DEBIAN_FRONTEND=noninteractive
-
-# Set Tsinghua University software source
-RUN sed -i 's/archive.ubuntu.com/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y tzdata
-
-# Set Shanghai time zone
-RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
-
-# Install certbot nginx
-RUN apt install -y certbot python3-certbot-nginx ssl-cert
-
-# TURN server
-RUN apt-get install -y vim coturn
-
-# redis service
-RUN apt-get install -y redis-server
-
-# Install nodejs 20
-RUN apt-get install -y curl lsb-release
-
-# node.js
-## Import repository GPG key
-RUN apt install -y ca-certificates gnupg && mkdir -p /etc/apt/keyrings
-RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
-## Add Node.JS 20 LTS APT repository.
-ENV NODE_MAJOR=20
-RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
-## Update package index.
-RUN apt-get update
-## Install Node.js, npm, pnpm
-RUN apt install -y nodejs
-RUN npm install -g pnpm pm2
-## node -v -> v20.18.1;npm -v -> 10.8.2;pnpm -v -> 9.14.4
-## install Yarn package manager
-#curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /usr/share/keyrings/yarnkey.gpg >/dev/null
-#echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list
-#apt update && apt-get install yarn -y
-
-## Install Nginx
-RUN curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - && \
- echo "deb https://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list && \
- apt update && apt install -y nginx
-
-#clean up
-RUN apt-get clean autoclean
-RUN apt-get autoremove --yes
-RUN rm -rf /var/lib/{apt,cache,log}/ && rm -rf /tmp/*
\ No newline at end of file
diff --git a/backend/docker/Nginx/configure.sh b/backend/docker/Nginx/configure.sh
deleted file mode 100644
index 760df7e..0000000
--- a/backend/docker/Nginx/configure.sh
+++ /dev/null
@@ -1,111 +0,0 @@ -#!/bin/bash - -# Define required environment variables -declare -A required_vars=( - ["NGINX_SERVER_NAME"]="Nginx server domain" - ["NGINX_FRONTEND_ROOT"]="Frontend build file path" - ["BACKEND_PORT"]="Backend service port" - ["TURN_REALM"]="TURN server domain name" -) - -# Validate environment variables -validate_env_vars() { - local missing_vars=() - local env_file=$1 - - echo "Verifying Nginx environment variable configuration..." - - # Load environment variables - source "$env_file" - - # Check required variables - for var in "${!required_vars[@]}"; do - if [ -z "${!var}" ]; then - missing_vars+=("$var (${required_vars[$var]})") - fi - done - - # If there are missing variables, display an error message and exit - if [ ${#missing_vars[@]} -ne 0 ]; then - echo "Error: The following required Nginx variables are not set:" - printf '%s\n' "${missing_vars[@]}" | sed 's/^/ - /' - echo "Please set these variables in $env_file and try again." - exit 1 - fi - - echo "Nginx production environment variables verified successfully!" -} - -# Check parameters -if [ -z "$1" ]; then - echo "Usage: $0 " - exit 1 -fi - -ENV_FILE=$1 -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -echo "Nginx path: $SCRIPT_DIR" - -# Check if the environment variable file exists -if [ ! -f "$ENV_FILE" ]; then - echo "Error: Environment file $ENV_FILE not found" - exit 1 -fi - -# Validate environment variables -validate_env_vars "$ENV_FILE" - -# Read environment variables -source "$ENV_FILE" - -# Configure Nginx -configure_nginx() { - echo "Configuring Nginx..." - - NGINX_TEMPLATE="$SCRIPT_DIR/default" - echo "reading $NGINX_TEMPLATE ..." 
- TEMP_NGINX=$(mktemp) - - # Use sed for more robust replacement - sed -e "s/www\.YourDomain/www.$NGINX_SERVER_NAME/g" \ - -e "s/YourDomain/$NGINX_SERVER_NAME/g" \ - -e "s|path/to/PrivyDrop/frontend|$NGINX_FRONTEND_ROOT|g" \ - -e "s/localhost:3001/localhost:$BACKEND_PORT/g" \ - -e "s/TurnServerName/$TURN_REALM/g" \ - "$NGINX_TEMPLATE" > "$TEMP_NGINX" - - # Copy the configuration file to the target location - mkdir -p /etc/nginx/sites-enabled - cp "$TEMP_NGINX" /etc/nginx/sites-enabled/default - # cp "$TEMP_NGINX" default_temp - rm "$TEMP_NGINX" -} - -# Configure nginx.conf with variable substitution -configure_nginx_conf() { - echo "Configuring nginx.conf..." - - NGINX_CONF_TEMPLATE="$SCRIPT_DIR/nginx.conf" - echo "reading $NGINX_CONF_TEMPLATE ..." - TEMP_NGINX_CONF=$(mktemp) - - # Use sed to replace variables in nginx.conf - sed -e "s/TurnServerName/$TURN_REALM/g" \ - "$NGINX_CONF_TEMPLATE" > "$TEMP_NGINX_CONF" - - # Copy the configuration file to the target location - cp "$TEMP_NGINX_CONF" /etc/nginx/nginx.conf - rm "$TEMP_NGINX_CONF" -} - -# Execute configuration -configure_nginx -configure_nginx_conf - -echo "Nginx configuration files generated successfully:" -echo " - /etc/nginx/sites-enabled/default (site configuration)" -echo " - /etc/nginx/nginx.conf (main configuration with TURN routing)" -echo "The script no longer restarts Nginx automatically." -echo "" -echo "NEXT STEP: Run Certbot to install the SSL certificate and automatically configure Nginx:" -echo "sudo certbot --nginx -d your_domain.com -d www.your_domain.com -d turn.your_domain.com" \ No newline at end of file diff --git a/backend/docker/Nginx/default b/backend/docker/Nginx/default deleted file mode 100644 index 23ac737..0000000 --- a/backend/docker/Nginx/default +++ /dev/null 
@@ -1,138 +0,0 @@ -server { # Redirect HTTP to HTTPS -listen 80; -server_name YourDomain www.YourDomain; -return 301 https://$server_name$request_uri; -} - -server { - - # No longer listening on public 443/TCP, change to listening on internal port - listen 127.0.0.1:4443 ssl; - http2 on; - - ssl_protocols TLSv1.2 TLSv1.3; - - server_name YourDomain www.YourDomain; - - # Redirect bare domain to www - if ($host = 'YourDomain') { - return 301 https://www.YourDomain$request_uri; - } - - # SSL Configuration (using placeholder certs for Certbot) - # Certbot will find this block and replace these with the real certificates. - ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; - ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - - # SSL Optimization - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - - # Modern Configuration - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_prefer_server_ciphers off; - - # HSTS (Enable with caution) - # add_header Strict-Transport-Security "max-age=63072000" always; - - # Define the root path of the frontend build artifacts inside the container - # !!! Important: Please modify this path to the actual path of your frontend project build inside the Nginx container !!! - set $frontend_build_root path/to/PrivyDrop/frontend; - - # 1. 
Prioritize handling of Next.js core static resources (_next/static) - location /_next/static/ { - alias $frontend_build_root/.next/static/; - expires 365d; # Long-term cache - access_log off; # Disable access log for this path - add_header Cache-Control "public"; # Explicitly inform the browser that it can be cached publicly - } - - # WebSocket signaling server configuration - location /socket.io/ { - proxy_pass http://localhost:3001/socket.io/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS Configuration - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - - # WebSocket related optimizations - proxy_read_timeout 86400; # 24h - proxy_send_timeout 86400; # 24h - proxy_connect_timeout 7d; - proxy_buffering off; - } - # Backend API address -- forward - location /api/ { - proxy_pass http://localhost:3001/api/; # Backend API address -- forward - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Modify CORS configuration, only set one Origin - add_header Access-Control-Allow-Origin "https://www.privydrop.app" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; - add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always; - add_header Access-Control-Allow-Credentials "true" always; - - } - # 
Next.js Image Optimization Service (usually handled by the Next.js application) - location /_next/image { - proxy_pass http://localhost:3002; # Point to the Next.js application - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - # Add cache optimization for image optimization - proxy_cache_valid 200 1d; - add_header Cache-Control "public, max-age=31536000, immutable"; - proxy_read_timeout 60s; - proxy_connect_timeout 5s; - } - # 2. Handle static files under the public directory and Next.js dynamic requests - # This location should be after specific proxies (like /api/, /socket.io/), - # but it can be before or after /_next/static/ because they match different paths. - # For clarity, we put it here. - location / { - # root points to the parent directory of the public directory, which is the root directory of the frontend build artifacts - root $frontend_build_root/public; - - # Try to find files in order: - # 1. $uri: as a file in the public directory (e.g., /image.png -> $frontend_build_root/public/image.png) - # 2. @nextjs: If none of the above are found, pass the request to the Next.js application for processing - try_files $uri @nextjs_app; - } - # Named location, used to proxy requests to the Next.js application - location @nextjs_app { - proxy_pass http://localhost:3002; # Point to the Next.js application - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - -} - -server { # Add a server block for Certbot to install certificates for TURN server -listen 80; -server_name TurnServerName; - - # Only process Let's Encrypt validation requests - location /.well-known/acme-challenge/ { - root /var/www/html; - } - -} 
diff --git a/backend/docker/Nginx/del_redundant_cfg.sh b/backend/docker/Nginx/del_redundant_cfg.sh deleted file mode 100644 index e8a603d..0000000 --- a/backend/docker/Nginx/del_redundant_cfg.sh +++ /dev/null 
@@ -1,144 +0,0 @@ -#!/bin/bash - -# --- Configuration --- -NGINX_CONF_FILE="/etc/nginx/sites-enabled/default" - -# Define the new configuration block to be added -read -r -d '' NEW_BLOCK <<'EOF' - -# Configuration for turn.privydrop.app - used only for Certbot renewal -server { - listen 80; - listen [::]:80; - server_name turn.privydrop.app; - - # Handle only Let's Encrypt ACME challenge requests - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Return 404 for all other requests - location / { - return 404; - } -} -EOF - -# --- Main function --- -main() { - echo "â–ļī¸ Starting Nginx configuration check..." - - # Check for root privileges - if [[ $EUID -ne 0 ]]; then - echo "❌ Error: This script must be run as root" - exit 1 - fi - - # Check if config file exists - if [ ! -f "$NGINX_CONF_FILE" ]; then - echo "❌ Error: Configuration file not found: $NGINX_CONF_FILE" - exit 1 - fi - - # Create a temporary backup - TEMP_FILE=$(mktemp) - cp "$NGINX_CONF_FILE" "$TEMP_FILE" - echo "🔐 Backup created at: $TEMP_FILE" - - # Use Python to count and optionally remove the last two server blocks - ACTION=$(python3 -c " -import re - -# Read the file -try: - with open('$NGINX_CONF_FILE', 'r') as f: - lines = f.readlines() -except Exception as e: - print('ERROR: Unable to read config file') - exit(1) - -# Find all server block start and end positions -server_blocks = [] -i = 0 -while i < len(lines): - if re.match(r'^\s*server\s*\{', lines[i]): - start = i - brace_count = 1 - j = i + 1 - while j < len(lines) and brace_count > 0: - brace_count += lines[j].count('{') - lines[j].count('}') - j += 1 - server_blocks.append((start, j-1)) - i = j - else: - i += 1 - -num_blocks = len(server_blocks) -print(f'🔍 Found {num_blocks} server blocks') - -if num_blocks >= 4: - print('✅ Condition met (â‰Ĩ4 blocks), preparing to remove last two and add new config') - print('ACTION: MODIFY') - - # Keep up to the third-to-last block end, or before last two if only 4 - if 
num_blocks > 2: - keep_until = server_blocks[-3][1] + 1 - else: - keep_until = server_blocks[-2][0] - result_lines = lines[:keep_until] - - # Remove trailing empty lines - while result_lines and result_lines[-1].strip() == '': - result_lines.pop() - - # Ensure ends with newline - if result_lines and not result_lines[-1].endswith('\n'): - result_lines[-1] += '\n' - - # Write modified content back - with open('$NGINX_CONF_FILE', 'w') as f: - f.writelines(result_lines) - -else: - print('â„šī¸ Less than 4 server blocks found. No changes will be made.') - print('ACTION: SKIP') -") - - # Extract action decision from Python script output - ACTION=$(echo "$ACTION" | grep '^ACTION:' | cut -d' ' -f2 | tr -d '\r') - - # Show number of blocks - echo "$ACTION" | grep -o 'Found [0-9]* server blocks' | head -1 - - if [[ "$ACTION" == "SKIP" ]]; then - echo "â­ī¸ Skipping modification and new configuration addition." - rm "$TEMP_FILE" - exit 0 - fi - - # Append the new configuration block - echo "âœī¸ Adding new configuration block for turn.privydrop.app..." - echo "$NEW_BLOCK" >> "$NGINX_CONF_FILE" - - # Test the Nginx configuration - echo "🔍 Testing Nginx configuration..." - if nginx -t 2>/dev/null; then - echo "✅ Configuration test successful!" - echo "🚀 Apply changes with:" - echo " sudo systemctl reload nginx" - echo "" - rm "$TEMP_FILE" - else - echo "❌ Configuration test failed. Showing details:" - nginx -t - echo "" - echo "🔄 Restoring from backup..." - cp "$TEMP_FILE" "$NGINX_CONF_FILE" - echo "✅ Original configuration restored" - rm "$TEMP_FILE" - exit 1 - fi -} - -# Run main function with all arguments -main "$@" \ No newline at end of file diff --git a/backend/docker/Nginx/nginx.conf b/backend/docker/Nginx/nginx.conf deleted file mode 100644 index 0fdc691..0000000 --- a/backend/docker/Nginx/nginx.conf +++ /dev/null 
@@ -1,120 +0,0 @@ -# The user that nginx runs as, needs file directory access permissions -user root; -# The number of worker processes, usually set to be equal to the number of CPUs -# worker_processes 1; -worker_processes auto; -pid /run/nginx.pid; -#include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 768; - # multi_accept on; -} - -stream { - # Define backend services - upstream turns_backend { - # Coturn's TURNS service, listening on local port 5349 - server 127.0.0.1:5349; - } - upstream website_backend { - # Your website is now listening on the internal HTTPS port - server 127.0.0.1:4443; - } - - # Use SNI hostname to determine traffic destination - map $ssl_preread_server_name $backend { - TurnServerName turns_backend; # If accessing the turn subdomain, hand it over to Coturn - default website_backend; # All other domains are handed over to the website - } - - # Listening for all TCP traffic on port 443 - server { - listen 443; - listen [::]:443; - - # Enable SSL pre-read feature to obtain SNI hostname - ssl_preread on; - - # Proxy traffic to the corresponding backend based on map results - proxy_pass $backend; - proxy_timeout 1d; # Suggest setting a longer timeout for TURN - proxy_connect_timeout 5s; - } -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - # server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # SSL Settings - ## - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; - - ## - # Logging Settings - ## - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - ## - # Gzip Settings - ## - - gzip on; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # 
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} diff --git a/backend/docker/Nginx/stop_clean-log.sh b/backend/docker/Nginx/stop_clean-log.sh deleted file mode 100644 index 88e6789..0000000 --- a/backend/docker/Nginx/stop_clean-log.sh +++ /dev/null @@ -1,2 +0,0 @@ -/etc/init.d/nginx stop -rm /var/log/nginx/* \ No newline at end of file diff --git a/backend/docker/TURN/configure.sh b/backend/docker/TURN/configure.sh deleted file mode 100644 index 3972aee..0000000 --- a/backend/docker/TURN/configure.sh +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/bash - -# Define required environment variables -declare -A required_vars=( - ["TURN_EXTERNAL_IP"]="TURN server external IP address" - ["TURN_REALM"]="TURN server realm" - ["TURN_USERNAME"]="TURN server username" - ["TURN_PASSWORD"]="TURN server password" -) - -# Additional required variables for production environment -production_vars=( - "TURN_CERT_PATH" - "TURN_KEY_PATH" -) - -# Validate environment variables -validate_env_vars() { - local missing_vars=() - local env_file=$1 - - echo "Verifying TURN server environment variable configuration..." - - # Load environment variables - source "$env_file" - - # Check basic required variables - for var in "${!required_vars[@]}"; do - if [ -z "${!var}" ]; then - missing_vars+=("$var (${required_vars[$var]})") - fi - done - - # If it is a production environment, check additional required variables - if [[ "$NODE_ENV" == "production" ]]; then - for var in "${production_vars[@]}"; do - if [ -z "${!var}" ]; then - missing_vars+=("$var (Required for production)") - fi - done - fi - - # If there are missing variables, display an error message and exit - if [ ${#missing_vars[@]} -ne 0 ]; then - echo "Error: The following required TURN server variables are not set:" - printf '%s\n' "${missing_vars[@]}" | sed 's/^/ - /' - echo "Please set these variables in $env_file and try again." - exit 1 - fi - - echo "TURN server environment variables verified successfully!" -} - -# Check parameters -if [ -z "$1" ]; then - echo "Usage: $0 " - exit 1 -fi - -ENV_FILE=$1 -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - -# Check if the environment variable file exists -if [ ! -f "$ENV_FILE" ]; then - echo "Error: Environment file $ENV_FILE not found" - exit 1 -fi - -# Validate environment variables -validate_env_vars "$ENV_FILE" - -# Read environment variables -source "$ENV_FILE" - -echo "Configuring TURN server..." 
- -# Determine which configuration template to use -if [[ "$NODE_ENV" == "development" ]]; then - TEMPLATE_FILE="$SCRIPT_DIR/turnserver_development.conf" -else - TEMPLATE_FILE="$SCRIPT_DIR/turnserver_production.conf" -fi - -# Create a temporary configuration file -TEMP_CONF=$(mktemp) - -# Read the template and replace variables -while IFS= read -r line || [ -n "$line" ]; do - # Replace external-ip - if [[ $line =~ ^external-ip= ]]; then - echo "external-ip=$TURN_EXTERNAL_IP" - # Replace realm - elif [[ $line =~ ^realm= ]]; then - echo "realm=$TURN_REALM" - # Replace user credentials - elif [[ $line =~ ^user= ]]; then - echo "user=$TURN_USERNAME:$TURN_PASSWORD" - # Replace certificate path - elif [[ $line =~ ^cert= ]]; then - echo "cert=$TURN_CERT_PATH" - # Replace key path - elif [[ $line =~ ^pkey= ]]; then - echo "pkey=$TURN_KEY_PATH" - else - echo "$line" - fi -done < "$TEMPLATE_FILE" > "$TEMP_CONF" - -# cp "$TEMP_CONF" turnserver.conf -# Use sudo to copy the configuration file to the target location -cp "$TEMP_CONF" /etc/turnserver.conf - -# Delete temporary file -rm "$TEMP_CONF" - -# Restart the TURN server -service coturn restart - -echo "TURN server configuration has been updated and service restarted." \ No newline at end of file diff --git a/backend/docker/TURN/turnserver_development.conf b/backend/docker/TURN/turnserver_development.conf deleted file mode 100644 index 932aedd..0000000 --- a/backend/docker/TURN/turnserver_development.conf +++ /dev/null 
@@ -1,45 +0,0 @@
-# /etc/turnserver.conf
-
-# Listen on all interfaces
-listening-ip=0.0.0.0
-
-# Use your server's public IP
-external-ip=YourServerPublicIP
-
-# TURN server port
-listening-port=3478
-# Enable TLS -- TURNS (encrypted TURN)
-#tls-listening-port=5349
-
-# Relay port range
-min-port=49152
-max-port=65535
-
-# Long-term certificate mechanism
-lt-cred-mech
-
-# TURN server domain (if any) IP or YourTURNDomain
-# realm=YourTURNDomain
-realm=YourServerPublicIP
-
-# TURN server certificate and key (for TLS) certificates are not required in the development environment
-# cert=/etc/letsencrypt/live/turn.privydrop.app/fullchain.pem
-# pkey=/etc/letsencrypt/live/turn.privydrop.app/privkey.pem
-
-# Username and password (a more secure method should be used in a production environment)
-user=UserName:PassWord
-
-# Enable verbose logging
-verbose
-
-# Allow loopback addresses
-# allow-loopback-peers
-
-# Set maximum bandwidth (bytes/second)
-# max-bandwidth=0
-
-# Disable TLS
-# no-tls
-
-# Disable DTLS
-# no-dtls
\ No newline at end of file
diff --git a/backend/docker/TURN/turnserver_production.conf b/backend/docker/TURN/turnserver_production.conf
deleted file mode 100644
index 09bc380..0000000
--- a/backend/docker/TURN/turnserver_production.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# /etc/turnserver.conf
-
-# Listen on all interfaces
-listening-ip=0.0.0.0
-
-# Use your server's public IP
-external-ip=YourServerPublicIP
-
-# TURN server port
-listening-port=3478
-# Enable TLS -- TURNS (encrypted TURN)
-tls-listening-port=5349
-
-# Relay port range
-min-port=49152
-max-port=65535
-
-# Long-term certificate mechanism
-lt-cred-mech
-
-# TURN server domain (if any) IP or YourTURNDomain
-# realm=YourServerPublicIP
-realm=YourTURNDomain
-
-# TURN server certificate and key (for TLS)
-cert=path/to/your/certFile
-pkey=path/to/your/privkeyFile
-
-# Username and password (a more secure method should be used in a production environment)
-user=UserName:PassWord
-
-# Enable verbose logging
-verbose
-
-# Allow loopback addresses
-# allow-loopback-peers
-
-# Set maximum bandwidth (bytes/second)
-# max-bandwidth=0
-
-# Disable TLS
-# no-tls
-
-# Disable DTLS
-# no-dtls
\ No newline at end of file
diff --git a/backend/docker/env_install.sh b/backend/docker/env_install.sh
deleted file mode 100644
index 505f42f..0000000
--- a/backend/docker/env_install.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-sudo apt install -y certbot python3-certbot-nginx ssl-cert
-sudo apt-get install -y vim coturn
-
-sudo apt-get install -y redis-server
-
-sudo apt-get install -y curl lsb-release
-
-sudo apt install -y ca-certificates gnupg && sudo mkdir -p /etc/apt/keyrings
-
-curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
-
-export NODE_MAJOR=20
-echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
-
-sudo apt-get update
-sudo apt install -y nodejs
-sudo npm install -g pnpm pm2
-
-# Install Nginx from official repository
-curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
-echo "deb https://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
-sudo apt update && sudo apt install -y nginx
-# Verify stream module
-nginx -V 2>&1 | grep -o with-stream || echo "Stream module not available"
-
-sudo apt-get clean autoclean
-sudo apt-get autoremove --yes
-sudo rm -rf /var/lib/{apt,cache,log}/ && sudo rm -rf /tmp/*
\ No newline at end of file