#!/bin/bash
#
# setup_cd_project2.sh — provisions a new cd-system (Laravel) project on this
# cPanel server: account, MySQL database, SSH keys, git clone, .env,
# artisan bewpro:new, .htaccess, Hostinger DNS record and AutoSSL.
#
# Usage:
#   ./setup_cd_project2.sh <base_name> <email> "<title>" <product> [password] [domain]
#
# Optional environment:
#   SKIP_ASSETS=true      skip asset processing in bewpro:new
#   CLEAN_PROVISION=true  provision without seed content (--clean)
#   BRAND_COLORS=...      passed to bewpro:new as --colors
#   HOSTINGER_TOKEN       Hostinger DNS API token (normally sourced from
#                         /root/scripts/.airtable.env)
#
# Output contract: every progress message goes to stderr; stdout carries only
# the final APP_URL line, which the orchestrator reads.
#
# Must run as root.

set -o errexit -o nounset -o pipefail

# Make cPanel's CLI tools (whmapi1, uapi, ...) resolvable regardless of caller PATH.
export PATH="/usr/local/bin:/usr/local/cpanel/bin:/usr/local/cpanel/scripts:${PATH}"

########################################
# INGRESO DE VARIABLES
########################################

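# Positional arguments. Usage text goes to stderr: stdout is reserved for the
# final URL line the orchestrator consumes (see the end of the script).
if [[ $# -lt 4 ]]; then
  cat >&2 <<'EOF'
Uso: ./setup_cd_project2.sh <base_name> <email> "<title>" <product> [password] [domain]
Ejemplo: ./setup_cd_project2.sh juandev2 juan@mail.com "Juan Dev Studio" art-design
Ejemplo: ./setup_cd_project2.sh juandev2 juan@mail.com "Juan Dev Studio" petite-website MyPass123 https://juandev2.bewpro.com
EOF
  exit 1
fi

BASE_NAME="$1"   # cPanel username, subdomain label, DB prefix (validated below)
EMAIL="$2"
TITLE="$3"
PRODUCT="$4"
# Optional password. The default is 12 random bytes, base64, with / + = stripped,
# i.e. plain alphanumerics; the substitution only runs when $5 is absent/empty.
PASSWORD="${5:-$(openssl rand -base64 12 | tr -d '/+=')}"
# Optional custom URL; empty means "use https://<base_name>.bewpro.com".
DOMAIN_ARG="${6:-}"

# Optional: SKIP_ASSETS=true skips asset processing in bewpro:new (faster runs).
SKIP_ASSETS="${SKIP_ASSETS:-false}"
# Optional: CLEAN_PROVISION=true provisions without seed content (for resellers).
CLEAN_PROVISION="${CLEAN_PROVISION:-false}"

# Optional: BRAND_COLORS is forwarded to bewpro:new as --colors.
BRAND_COLORS="${BRAND_COLORS:-}"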

########################################
# VARIABLES AUTOMÁTICAS
########################################

# Derived names: the cPanel account, vhost, project dir and database all hang
# off BASE_NAME.
USERNAME="${BASE_NAME}"
DOMAIN_NAME="${BASE_NAME}.bewpro.com"
# A custom domain passed as 6th argument wins over the default subdomain URL.
APP_URL="${DOMAIN_ARG:-https://${DOMAIN_NAME}}"

DB_NAME="${BASE_NAME}_bp"
DB_USER="${BASE_NAME}_bpuser"
# The same password is used for the cPanel account and the MySQL user.
DB_PASSWORD="${PASSWORD}"

APP_NAME="${BASE_NAME}"
PROJECT_DIR_NAME="${BASE_NAME}"

# Source repository and the local bare mirror used as a clone --reference.
REPO_SSH="git@github.com:LACOMPANIADIGITAL/cd-system.git"
REPO_REFERENCE="/opt/cd-system-reference.git"

PHP_BIN="php"
COMPOSER_BIN="composer"
COMPOSER_CACHE_DIR="/root/.composer-cache"

# DNS through the Hostinger API, only for *.bewpro.com subdomains. The token is
# read from CONFIG_FILE when present. Note that everything that file defines is
# imported here, so it can override any variable assigned above.
HOSTINGER_DNS_ZONE="bewpro.com"
HOSTINGER_SERVER_IP="72.61.45.136"
CONFIG_FILE="/root/scripts/.airtable.env"
if [[ -f "${CONFIG_FILE}" ]]; then
  # shellcheck disable=SC1090 — path is only known at runtime
  source "${CONFIG_FILE}"
fi
HOSTINGER_TOKEN="${HOSTINGER_TOKEN:-}"

########################################
# FUNCIONES AUXILIARES
########################################

#######################################
# Print an error and abort the whole script.
# Arguments: $* - message (joined with spaces)
# Outputs:   "ERROR: <message>" on stderr
# Returns:   never; exits with status 1
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless a command is resolvable (binary, function or builtin).
# Arguments: $1 - command name
# Returns:   0 if found; calls die otherwise
#######################################
require_cmd() {
  local cmd=$1
  if ! command -v "${cmd}" >/dev/null 2>&1; then
    die "No se encontró el comando requerido: ${cmd}"
  fi
}

########################################
# VALIDACIONES
########################################

if [[ "$(id -u)" -ne 0 ]]; then
  die "Este script debe ejecutarse como root."
fi

# cPanel limita username (común: máx 16; aquí usamos 14 por seguridad como ya manejas en otros flujos)
if [[ ! "$BASE_NAME" =~ ^[a-z0-9]{1,14}$ ]]; then
  die "base_name inválido. Solo minúsculas y números, máx 14 caracteres."
fi

if [[ ! "$EMAIL" =~ ^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$ ]]; then
  die "Email inválido: $EMAIL"
fi

require_cmd whmapi1
require_cmd uapi
require_cmd git
require_cmd "$PHP_BIN"
require_cmd "$COMPOSER_BIN"
require_cmd openssl
require_cmd curl

########################################
# INICIO
########################################

# Run summary, on stderr like every other progress message.
cat >&2 <<EOF
=========================================
  SETUP NUEVO PROYECTO: ${DOMAIN_NAME}
  Usuario cPanel: ${USERNAME}
  Email: ${EMAIL}
  Título: ${TITLE}
  Producto: ${PRODUCT}
  URL: ${APP_URL}
  SKIP_ASSETS: ${SKIP_ASSETS}
=========================================
EOF

########################################
# 1. Crear cuenta cPanel
########################################

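echo "[1/10] Creando cuenta cPanel..." >&2

# API output goes to a private temp file (root-only mode, random suffix) instead
# of the predictable /tmp/createacct_<user>.log any local user could pre-create
# or read.
CREATE_LOG=$(mktemp "/tmp/createacct_${USERNAME}.XXXXXX") || die "mktemp falló"

# The account password is passed in argv, so it is visible in `ps` while
# whmapi1 runs.
whmapi1 createacct \
  username="${USERNAME}" \
  domain="${DOMAIN_NAME}" \
  password="${DB_PASSWORD}" \
  contactemail="noreply@bewpro.com" >"${CREATE_LOG}" 2>&1 || true

# whmapi1 may exit 0 even when the call fails, so the output is inspected instead.
if grep -q "result: 1" "${CREATE_LOG}"; then
  echo "[1/10] Cuenta creada." >&2
elif grep -qi "already exists" "${CREATE_LOG}"; then
  echo "[1/10] Cuenta ya existe — continuando (idempotente)." >&2
else
  echo "Error creando cuenta cPanel:" >&2
  grep -i "reason:" "${CREATE_LOG}" >&2 || cat "${CREATE_LOG}" >&2
  exit 1
fi

# Account creation is asynchronous from the caller's point of view: poll until
# the system user exists (15 × 2 s = 30 s).
echo "[1/10] Esperando que el usuario esté disponible..." >&2
for ((attempt = 1; attempt <= 15; attempt++)); do
  if id "${USERNAME}" &>/dev/null; then
    break
  fi
  sleep 2
done
id "${USERNAME}" &>/dev/null || die "usuario ${USERNAME} no disponible tras 30s"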

########################################
# 2. Crear DB, usuario y permisos
########################################

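echo "[2/10] Creando DB y usuario..." >&2

# API output lands in a private temp dir (root-only, random name) instead of
# predictable /tmp/uapi_*_<user>.log files readable by other local users.
UAPI_LOG_DIR=$(mktemp -d "/tmp/uapi_${USERNAME}.XXXXXX") || die "mktemp falló"

# Errors are deliberately swallowed (presumably so re-runs against an existing
# DB/user stay idempotent); the logs keep the API output for inspection.
# The DB password is passed in argv and is visible in `ps` while uapi runs.
uapi --user="${USERNAME}" Mysql create_database name="${DB_NAME}" \
  >"${UAPI_LOG_DIR}/create_database.log" 2>&1 || true
uapi --user="${USERNAME}" Mysql create_user name="${DB_USER}" password="${DB_PASSWORD}" \
  >"${UAPI_LOG_DIR}/create_user.log" 2>&1 || true
uapi --user="${USERNAME}" Mysql set_privileges_on_database \
  user="${DB_USER}" \
  database="${DB_NAME}" \
  privileges=ALL >"${UAPI_LOG_DIR}/set_privileges.log" 2>&1 || true

echo "[2/10] DB ${DB_NAME} y USER ${DB_USER} listos." >&2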

########################################
# 3. Copiar claves SSH al usuario
########################################

echo "[3/10] Configurando claves SSH..." >&2

USER_SSH_DIR="/home/${USERNAME}/.ssh"
mkdir -p "${USER_SSH_DIR}"

# Copies root's key pairs (private AND public halves, via the glob) into the new
# account so the later clone can authenticate to GitHub.
# NOTE(review): the cPanel user thereby holds root's private key and its GitHub
# identity; a dedicated read-only deploy key per account would limit the blast
# radius of a compromised account.
for key_name in id_rsa id_ed25519; do
  if [[ -f "/root/.ssh/${key_name}" ]]; then
    cp "/root/.ssh/${key_name}"* "${USER_SSH_DIR}/" || true
  fi
done

# Every copied public key is also trusted for logins as this user.
if compgen -G "${USER_SSH_DIR}/*.pub" >/dev/null; then
  cat "${USER_SSH_DIR}/"*.pub >"${USER_SSH_DIR}/authorized_keys"
fi

chown -R "${USERNAME}:${USERNAME}" "${USER_SSH_DIR}"
chmod 700 "${USER_SSH_DIR}"
chmod 600 "${USER_SSH_DIR}"/* || true
chmod 644 "${USER_SSH_DIR}/"*.pub || true
chmod 600 "${USER_SSH_DIR}/authorized_keys" || true

########################################
# 4. Crear estructura git-files
########################################

echo "[4/10] Preparando estructura git-files..." >&2

# Everything runs as the account user so ownership is right from the start.
# ssh-keyscan records whatever host key github.com presents right now
# (trust-on-first-use); its failure is ignored and would surface at clone time.
su - "${USERNAME}" -c "
  mkdir -p public_html/git-files/${PROJECT_DIR_NAME} ~/.ssh && \
  ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null || true
  chmod 700 ~/.ssh
  chmod 644 ~/.ssh/known_hosts
" >&2

########################################
# 5. Clonar cd-system (con reference local)
########################################

echo "[5/10] Clonando repositorio cd-system..." >&2

PROJECT_REL="public_html/git-files/${PROJECT_DIR_NAME}"

# Local bare mirror used as --reference so repeat runs do not refetch everything
# from GitHub; a failed refresh is tolerated (the clone still works).
if [[ -d "${REPO_REFERENCE}" ]]; then
  git -C "${REPO_REFERENCE}" fetch --all --quiet >&2 || true
else
  echo "[5/10] Inicializando reference clone (primera vez, puede tardar)..." >&2
  git clone --bare "${REPO_SSH}" "${REPO_REFERENCE}" >&2
fi

if ! su - "${USERNAME}" -c "test -d ${PROJECT_REL}/.git" 2>/dev/null; then
  # Fresh clone of the cd-system branch.
  # NOTE(review): --reference without --dissociate keeps the working clone
  # borrowing objects from ${REPO_REFERENCE}; the account must be able to read
  # that path and it must not be pruned or removed.
  su - "${USERNAME}" -c "
    cd ${PROJECT_REL} && \
    git clone --branch cd-system --reference ${REPO_REFERENCE} ${REPO_SSH} .
  " >&2
else
  echo "[5/10] Repo ya existe — haciendo git pull (idempotente)." >&2
  su - "${USERNAME}" -c "
    cd ${PROJECT_REL} && \
    git fetch origin && \
    git checkout cd-system && \
    git pull --ff-only origin cd-system
  " >&2
fi

########################################
# 6. Composer + env
########################################

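echo "[6/10] Configurando Laravel..." >&2

PROJECT_REL="public_html/git-files/${PROJECT_DIR_NAME}"

# SMTP password for the generated .env. The fallback is the literal that used to
# be inlined in the sed call. NOTE(review): a secret in the script ends up in
# git history and backups — define MAIL_PASSWORD in CONFIG_FILE (sourced earlier)
# and drop the fallback.
MAIL_PASSWORD="${MAIL_PASSWORD:-6A5cnothb8it7QbHJQJQ}"

#######################################
# Escape a value for use as sed replacement text with `|` as delimiter
# (backslash, `|` and `&` are the only special characters there).
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\|&]/\\&/g'
}

#######################################
# Queue one `-e s|^KEY=.*|KEY=value|` expression for the .env rewrite.
# Globals:   ENV_SED_ARGS (appended)
# Arguments: $1 - .env key, $2 - raw value
#######################################
ENV_SED_ARGS=()
env_set() {
  local key=$1 value
  value=$(sed_escape "$2")
  ENV_SED_ARGS+=(-e "s|^${key}=.*|${key}=${value}|")
}

env_set APP_NAME "\"${APP_NAME}\""
env_set APP_ENV production
env_set APP_DEBUG false
env_set APP_URL "${APP_URL}"
env_set DB_CONNECTION mysql
env_set DB_HOST localhost
env_set DB_PORT 3306
env_set DB_DATABASE "${DB_NAME}"
env_set DB_USERNAME "${DB_USER}"
env_set DB_PASSWORD "${DB_PASSWORD}"
env_set RUN_PROJECT_SEEDER true
env_set MAIL_MAILER smtp
env_set MAIL_HOST mail.lacompaniadigital.com
env_set MAIL_PORT 465
env_set MAIL_USERNAME noreply@bewpro.com
env_set MAIL_PASSWORD "${MAIL_PASSWORD}"
env_set MAIL_ENCRYPTION ssl
env_set MAIL_FROM_ADDRESS noreply@bewpro.com
env_set MAIL_FROM_NAME BewPro
# A fresh APP_KEY on every run (as before: re-running rotates the key, and the
# `cp .env.example .env` below also resets any manual .env edits).
env_set APP_KEY "base64:$(openssl rand -base64 32)"

# The whole sed argument list is re-quoted with printf %q before being spliced
# into the command string, so quotes or metacharacters in APP_URL/DB_PASSWORD
# stay data inside the account's shell instead of ending the quoting. The
# account's login shell is assumed to understand bash-style quoting
# (e.g. bash / jailshell).
ENV_SED_ARGS_Q=$(printf '%q ' "${ENV_SED_ARGS[@]}")

su - "${USERNAME}" -c "
  cd ${PROJECT_REL} && \
  cp .env.example .env && \
  sed -i ${ENV_SED_ARGS_Q} .env
" >&2

# --ignore-platform-reqs skips PHP version/extension checks; mismatches then
# surface at runtime rather than here.
su - "${USERNAME}" -c "
  cd ${PROJECT_REL} && \
  COMPOSER_CACHE_DIR=${COMPOSER_CACHE_DIR} ${COMPOSER_BIN} install --no-scripts --no-interaction --ignore-platform-reqs
" >&2

# Best effort: package discovery failures are reported but do not abort.
su - "${USERNAME}" -c "
  cd ${PROJECT_REL} && \
  ${PHP_BIN} artisan package:discover --ansi
" >&2 || true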

########################################
# 7. Provisionar con bewpro:new
########################################

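echo "[7/10] Provisionando proyecto con bewpro:new..." >&2

# Optional bewpro:new flags, one array element per flag.
EXTRA_FLAGS=()
if [[ "${SKIP_ASSETS}" == "true" ]]; then
  EXTRA_FLAGS+=(--skip-assets)
  echo "[7/10] Aviso: SKIP_ASSETS=true, se omitirá procesamiento de assets." >&2
fi
if [[ "${CLEAN_PROVISION}" == "true" ]]; then
  EXTRA_FLAGS+=(--clean)
  echo "[7/10] Modo: provisión limpia (--clean)" >&2
fi
if [[ -n "${BRAND_COLORS}" ]]; then
  EXTRA_FLAGS+=("--colors=${BRAND_COLORS}")
  echo "[7/10] Colores de marca: ${BRAND_COLORS}" >&2
fi

# Argument list for bewpro:new. Email, title, product, URL and password are
# caller-supplied, so the whole list is re-quoted with printf %q before it is
# spliced into the su -c command string: a quote or $(...) inside a value then
# stays data instead of ending the inner quoting. The account's login shell is
# assumed to understand bash-style quoting (e.g. bash / jailshell).
# ${arr[@]+...} keeps an empty EXTRA_FLAGS from tripping `set -u` on bash < 4.4.
BEWPRO_ARGS=(
  "${EMAIL}"
  "${TITLE}"
  "${PRODUCT}"
  "--db=${DB_NAME}"
  "--url=${APP_URL}"
  "--password=${PASSWORD}"
  ${EXTRA_FLAGS[@]+"${EXTRA_FLAGS[@]}"}
  --no-email
  --no-interaction
)
BEWPRO_ARGS_Q=$(printf '%q ' "${BEWPRO_ARGS[@]}")

# The password is part of the artisan process's argv for its whole run and is
# therefore visible to local `ps`, as it was before.
su - "${USERNAME}" -c "
  cd public_html/git-files/${PROJECT_DIR_NAME} && \
  ${PHP_BIN} artisan bewpro:new ${BEWPRO_ARGS_Q}
" >&2

# Best effort: a failing storage:link is reported but does not abort.
su - "${USERNAME}" -c "
  cd public_html/git-files/${PROJECT_DIR_NAME} && \
  ${PHP_BIN} artisan storage:link
" >&2 || true

echo "[7/10] Proyecto provisionado." >&2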

########################################
# 8. Crear .htaccess final
########################################

echo "[8/10] Generando .htaccess..." >&2

HTACCESS_PATH="/home/${USERNAME}/public_html/.htaccess"
PUBLIC_REL="git-files/${PROJECT_DIR_NAME}/public"

# Front-controller rewrite: every request except the ACME challenge path and
# the app's own public/ directory is routed into public/ (the \$1 escape keeps
# the backreference literal in the unquoted heredoc).
cat <<EOF >"${HTACCESS_PATH}"
<IfModule mod_rewrite.c>
  RewriteEngine On

  RewriteRule ^\.well-known/acme-challenge/ - [L,NC]
  RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]

  RewriteCond %{REQUEST_URI} !^/${PUBLIC_REL}/ [NC]
  RewriteRule ^(.*)$ ${PUBLIC_REL}/\$1 [L]
</IfModule>
EOF

chown "${USERNAME}:${USERNAME}" "${HTACCESS_PATH}"

########################################
# 9. Crear registro DNS en Hostinger
########################################

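echo "[9/10] Creando registro DNS..." >&2

# NOTE(review): the substring test below also matches URLs that merely contain
# ".bewpro.com" (e.g. a subdomain other than BASE_NAME); the A record is always
# created for BASE_NAME regardless of APP_URL.
if [[ "${APP_URL}" == *".bewpro.com"* ]] && [[ -n "${HOSTINGER_TOKEN}" ]]; then
  # BASE_NAME is validated to [a-z0-9]{1,14} and the IP is a constant, so the
  # JSON body needs no escaping.
  DNS_PAYLOAD=$(printf '{"overwrite": false, "zone": [{"name": "%s", "type": "A", "ttl": 3600, "records": [{"content": "%s"}]}]}' \
    "${BASE_NAME}" "${HOSTINGER_SERVER_IP}")

  # The bearer token reaches curl through its config reader on stdin (-K -)
  # rather than as a -H argument, so it does not show up in process listings
  # (a token containing a double quote would need escaping in that line).
  # --max-time keeps a stalled API from hanging the run, and a transport failure
  # now falls through to the manual-DNS warning instead of aborting via set -e.
  DNS_RESULT=$(printf 'header = "Authorization: Bearer %s"\n' "${HOSTINGER_TOKEN}" \
    | curl -s --max-time 30 -K - -X PUT \
        -H "Content-Type: application/json" \
        -d "${DNS_PAYLOAD}" \
        "https://developers.hostinger.com/api/dns/v1/zones/${HOSTINGER_DNS_ZONE}") || true

  # Success is inferred from the response text; the API's exact shape is not
  # pinned here.
  if grep -Eq "accepted|success" <<<"${DNS_RESULT}"; then
    echo "[9/10] DNS creado: ${BASE_NAME}.${HOSTINGER_DNS_ZONE} → ${HOSTINGER_SERVER_IP}" >&2
  else
    echo "[9/10] WARN: DNS no pudo crearse automáticamente. Crear manualmente:" >&2
    echo "         ${DOMAIN_NAME} → ${HOSTINGER_SERVER_IP}" >&2
    echo "         Respuesta API: ${DNS_RESULT}" >&2
  fi
elif [[ "${APP_URL}" != *".bewpro.com"* ]]; then
  echo "[9/10] Dominio custom detectado — DNS manual:" >&2
  echo "         ${APP_URL} → ${HOSTINGER_SERVER_IP}" >&2
else
  echo "[9/10] WARN: HOSTINGER_TOKEN no configurado — DNS no creado." >&2
  echo "         Crear manualmente: ${DOMAIN_NAME} → ${HOSTINGER_SERVER_IP}" >&2
fi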
########################################
# 10. AutoSSL
########################################

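echo "[10/10] Iniciando AutoSSL..." >&2

# Wait until the new A record is visible from a public resolver (18 × 10 s =
# 3 min) so AutoSSL's domain validation has a chance to reach this host.
echo "[10/10] Verificando propagación DNS para ${DOMAIN_NAME}..." >&2
DNS_READY=false
if command -v dig >/dev/null 2>&1; then
  for ((attempt = 1; attempt <= 18; attempt++)); do
    RESOLVED_IP=$(dig +short A "${DOMAIN_NAME}" @8.8.8.8 2>/dev/null \
      | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -1 || true)

    if [[ "${RESOLVED_IP}" == "${HOSTINGER_SERVER_IP}" ]]; then
      DNS_READY=true
      echo "[10/10] DNS propagado: ${DOMAIN_NAME} → ${RESOLVED_IP}" >&2
      break
    fi
    echo "[10/10] Esperando DNS... (resuelve: ${RESOLVED_IP:-sin respuesta})" >&2
    sleep 10
  done
else
  # Without dig the loop above would only burn three minutes resolving nothing.
  echo "[10/10] WARN: 'dig' no está instalado — no se puede verificar la propagación DNS." >&2
fi

if [[ "${DNS_READY}" != true ]]; then
  echo "[10/10] WARN: DNS no propagó en 3 minutos. AutoSSL puede fallar." >&2
  echo "[10/10]       Verificar manualmente: ${DOMAIN_NAME} → ${HOSTINGER_SERVER_IP}" >&2
fi

# Kick off AutoSSL for this account only; failure to start is tolerated.
whmapi1 start_autossl_check_for_one_user username="${USERNAME}" >/dev/null 2>&1 || true

# Poll for the certificate (18 × 10 s ≈ 3 min) using two independent signals.
SSL_OK=false
echo "[10/10] Esperando emisión de certificado..." >&2
for ((attempt = 1; attempt <= 18; attempt++)); do
  sleep 10

  # Signal 1: the subject of the leaf certificate actually served on :443 with
  # SNI for this name (`timeout` is assumed to be present; otherwise the check
  # just yields an empty string).
  CERT_CHECK=$(echo | timeout 5 openssl s_client \
    -connect "${DOMAIN_NAME}:443" \
    -servername "${DOMAIN_NAME}" 2>/dev/null \
    | openssl x509 -noout -subject 2>/dev/null || true)

  # -F: the domain is a literal, not a regex (its dots must not match any char).
  if grep -qiF -- "${DOMAIN_NAME}" <<<"${CERT_CHECK}"; then
    SSL_OK=true
    echo "[10/10] SSL verificado via TLS para ${DOMAIN_NAME}." >&2
    break
  fi

  # Signal 2: WHM's own list of vhosts with an installed certificate. The
  # `domain:` match is a prefix match, so a longer name that starts with
  # DOMAIN_NAME would also be picked up.
  VHOST_HAS_CERT=$(whmapi1 fetch_ssl_vhosts 2>/dev/null \
    | grep -A20 -F -- "domain: ${DOMAIN_NAME}" \
    | grep -c "certificate_id:" || true)

  if [[ "${VHOST_HAS_CERT}" -gt 0 ]]; then
    SSL_OK=true
    echo "[10/10] SSL confirmado via WHM para ${DOMAIN_NAME}." >&2
    break
  fi

  echo "[10/10] Intento ${attempt}/18 — SSL aún no listo..." >&2
done

if [[ "${SSL_OK}" == true ]]; then
  echo "[10/10] SSL emitido para ${DOMAIN_NAME}." >&2
else
  echo "[10/10] WARN: SSL no confirmado tras ~3min — puede tardar unos minutos más." >&2
  echo "[10/10]       Verificar manualmente o re-ejecutar:" >&2
  echo "[10/10]       whmapi1 start_autossl_check_for_one_user username=${USERNAME}" >&2
fi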

########################################
# FIN
########################################

# Final summary, on stderr like all other progress output.
cat >&2 <<EOF
=========================================
 PROYECTO CONFIGURADO EXITOSAMENTE
 URL: ${APP_URL}
 Usuario cPanel: ${USERNAME}
 DB: ${DB_NAME}
=========================================
EOF

# Contract with the orchestrator: the URL is the only thing written to stdout
# and it must be the last line of the script.
printf '%s\n' "${APP_URL}"
