lilith-platform.live/deployments/@domains/quinn.api-cache/deploy.sh
2026-05-26 10:34:46 -07:00

33 lines
1.3 KiB
Bash
Executable file

#!/usr/bin/env bash
# Deploy quinn.api-cache nginx vhost to vps-0.
# Idempotent: rsyncs the prod.conf into /etc/nginx/sites-available, links it
# from sites-enabled, nginx -t, reload.
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REMOTE="${REMOTE_HOST:-quinn-vps}"
VHOST="api.transquinnftw.com"
echo "==> Pushing nginx vhost ${VHOST} to ${REMOTE}..."
scp -q "${SCRIPT_DIR}/nginx/prod.conf" "${REMOTE}:/etc/nginx/sites-available/${VHOST}"
echo "==> Ensuring symlink + cache dir on ${REMOTE}..."
ssh "$REMOTE" bash -euo pipefail <<ENDSSH
mkdir -p /var/cache/nginx/quinn-api
chown -R www-data:www-data /var/cache/nginx/quinn-api
ln -sf /etc/nginx/sites-available/${VHOST} /etc/nginx/sites-enabled/${VHOST}
nginx -t
ENDSSH
echo "==> Reloading nginx..."
ssh "$REMOTE" "systemctl reload nginx"
echo "==> Smoke test (TLS cert must exist first — see notes)..."
ssh "$REMOTE" "curl -sk -o /dev/null -w 'HTTP %{http_code}\n' \
https://${VHOST}/www/tour/status || echo ' (expected before first deploy of admin-api on black)'"
echo "✓ quinn.api-cache deployed to ${REMOTE}"
echo ""
echo "Note: this script does not provision the TLS cert for ${VHOST}."
echo "Run 'certbot --nginx -d ${VHOST}' on ${REMOTE} before the first prod reload"
echo "if the cert isn't already in /etc/letsencrypt/live/${VHOST}/."