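#!/bin/bash
# LittleShop Production Deployment Script
# Deploys the complete e-commerce system (LittleShop API + TeleBot) to the
# production environment.
#
# Usage: run as root from the directory that contains the ./LittleShop and
# ./TeleBot build outputs.

# -u catches typos in variable names; pipefail surfaces failures inside pipes.
set -euo pipefail

echo "🚀 Starting LittleShop Production Deployment..."

# Configuration
DEPLOY_DIR="/opt/littleshop"
BACKUP_DIR="/opt/littleshop-backup-$(date +%Y%m%d-%H%M%S)"
SYSTEMD_DIR="/etc/systemd/system"
NGINX_CONFIG="/etc/nginx/sites-available"
readonly DEPLOY_DIR BACKUP_DIR SYSTEMD_DIR NGINX_CONFIG

# Check if running as root
if [[ $EUID -ne 0 ]]; then
  echo "❌ This script must be run as root (use sudo)" >&2
  exit 1
fi

# Fail before touching the system if the build outputs are not where the
# copy steps below expect them (the script depends on the current directory).
for src_dir in ./LittleShop ./TeleBot; do
  if [[ ! -d "$src_dir" ]]; then
    echo "❌ Build output directory '$src_dir' not found; run this script from the release directory" >&2
    exit 1
  fi
done

echo "📋 Creating deployment directories..."
mkdir -p -- "$DEPLOY_DIR"/{littleshop,telebot,data,logs}

# Backup existing installation if it exists.
# The backup contains the database and the production config (secrets), so
# the directory is created root-only (0700) and only when there is something
# to back up. "cp -a .../." keeps ownership/modes and includes dotfiles.
if [[ -n "$(find "$DEPLOY_DIR/littleshop" -mindepth 1 -maxdepth 1 -print -quit)" ]]; then
  echo "💾 Backing up existing installation..."
  mkdir -m 700 -- "$BACKUP_DIR"
  cp -a -- "$DEPLOY_DIR"/. "$BACKUP_DIR"/
  echo "✅ Backup created at $BACKUP_DIR"
fi

echo "📦 Deploying LittleShop API..."
cp -r -- ./LittleShop/* "$DEPLOY_DIR/littleshop/"
chmod +x -- "$DEPLOY_DIR/littleshop/LittleShop"

echo "🤖 Deploying TeleBot..."
cp -r -- ./TeleBot/* "$DEPLOY_DIR/telebot/"
chmod +x -- "$DEPLOY_DIR/telebot/TeleBot"

echo "⚙️ Creating production configuration..."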
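# Create production appsettings for LittleShop.
#
# The template is written only when no config exists yet: re-running the
# deployment must not replace operator-supplied secrets with the placeholder
# values below (a placeholder JWT key is effectively a public signing key).
# The file is created under umask 077 so it is never readable by other users,
# not even briefly before the later chmod 600.
#
# NOTE(review): the SilverPay ApiKey and WebhookSecret are literal values
# embedded in this script. If they are real credentials, anyone who can read
# the script (or its repository history) has them; rotate them and supply them
# out-of-band. The SilverPay BaseUrl is plain http:// to a bare IP, so
# whatever the application sends there, presumably including the API key, is
# not protected in transit.
littleshop_cfg="$DEPLOY_DIR/littleshop/appsettings.Production.json"
if [[ -e "$littleshop_cfg" ]]; then
  echo "ℹ️ Keeping existing $littleshop_cfg"
else
  (
    umask 077
    cat > "$littleshop_cfg" << 'EOF'
{
  "ConnectionStrings": {
    "DefaultConnection": "Data Source=/opt/littleshop/data/littleshop.db"
  },
  "Jwt": {
    "Key": "CHANGE_THIS_TO_A_SECURE_KEY_IN_PRODUCTION_MINIMUM_256_BITS_LONG_FOR_SECURITY",
    "Issuer": "LittleShop",
    "Audience": "LittleShop",
    "ExpiryInHours": 24
  },
  "SilverPay": {
    "BaseUrl": "http://31.97.57.205:8001",
    "ApiKey": "sp_live_key_2025_production",
    "WebhookSecret": "webhook_secret_2025",
    "DefaultWebhookUrl": "https://your-domain.com/api/orders/payments/webhook",
    "AllowUnsignedWebhooks": false,
    "UseMockService": false
  },
  "RoyalMail": {
    "ClientId": "",
    "ClientSecret": "",
    "BaseUrl": "https://api.royalmail.net/",
    "SenderAddress1": "Your Company Name, Your Address",
    "SenderCity": "Your City",
    "SenderPostCode": "Your PostCode",
    "SenderCountry": "United Kingdom"
  },
  "WebPush": {
    "VapidPublicKey": "CHANGE_THIS_TO_YOUR_VAPID_PUBLIC_KEY",
    "VapidPrivateKey": "CHANGE_THIS_TO_YOUR_VAPID_PRIVATE_KEY",
    "Subject": "mailto:admin@your-domain.com"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    },
    "File": {
      "Path": "/opt/littleshop/logs/littleshop.log",
      "RollingInterval": "Day"
    }
  },
  "AllowedHosts": "your-domain.com,www.your-domain.com"
}
EOF
  )
fi

# Create production appsettings for TeleBot (same create-if-missing rule).
#
# NOTE(review): "AllowedHosts": "*" turns off host filtering in the bot
# process; it then relies on nginx's server_name and on the service listening
# on localhost only.
telebot_cfg="$DEPLOY_DIR/telebot/appsettings.Production.json"
if [[ -e "$telebot_cfg" ]]; then
  echo "ℹ️ Keeping existing $telebot_cfg"
else
  (
    umask 077
    cat > "$telebot_cfg" << 'EOF'
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    },
    "File": {
      "Path": "/opt/littleshop/logs/telebot.log",
      "RollingInterval": "Day"
    }
  },
  "BotConfiguration": {
    "TelegramBotToken": "YOUR_TELEGRAM_BOT_TOKEN_HERE",
    "LittleShopApiUrl": "https://your-domain.com",
    "WebhookUrl": "https://your-domain.com/api/webhook"
  },
  "AllowedHosts": "*"
}
EOF
  )
fi

# Make it hard to start production on template secrets by accident.
if grep -q -- 'CHANGE_THIS' "$littleshop_cfg"; then
  echo "⚠️ $littleshop_cfg still contains CHANGE_THIS placeholders; replace them before starting the service" >&2
fi
if grep -q -- 'YOUR_TELEGRAM_BOT_TOKEN_HERE' "$telebot_cfg"; then
  echo "⚠️ $telebot_cfg still contains the placeholder bot token; replace it before starting the service" >&2
fi

echo "🔧 Creating systemd services..."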
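# Create LittleShop systemd service.
#
# Both units bind to localhost only, so the services are reachable solely
# through the nginx reverse proxy.
#
# NOTE(review): both services run as www-data. On Debian/Ubuntu the nginx
# workers usually run as the same account, which would let a compromised web
# worker read the application secrets and database; a dedicated service user
# is the safer choice. Type=notify also requires the application to send the
# systemd readiness notification; confirm both binaries do, otherwise start-up
# will time out.
cat > "$SYSTEMD_DIR/littleshop.service" << 'EOF'
[Unit]
Description=LittleShop E-Commerce API
After=network.target

[Service]
Type=notify
ExecStart=/opt/littleshop/littleshop/LittleShop
WorkingDirectory=/opt/littleshop/littleshop
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=ASPNETCORE_URLS=http://localhost:8080
User=www-data
Group=www-data
Restart=always
RestartSec=10
SyslogIdentifier=littleshop
KillSignal=SIGTERM
TimeoutStopSec=30
# Basic sandboxing: no privilege escalation via setuid binaries, private /tmp.
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

# Create TeleBot systemd service (started after, and bound to, the API unit).
cat > "$SYSTEMD_DIR/telebot.service" << 'EOF'
[Unit]
Description=LittleShop TeleBot
After=network.target littleshop.service
Requires=littleshop.service

[Service]
Type=notify
ExecStart=/opt/littleshop/telebot/TeleBot
WorkingDirectory=/opt/littleshop/telebot
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=ASPNETCORE_URLS=http://localhost:5010
User=www-data
Group=www-data
Restart=always
RestartSec=10
SyslogIdentifier=telebot
KillSignal=SIGTERM
TimeoutStopSec=30
# Basic sandboxing: no privilege escalation via setuid binaries, private /tmp.
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

echo "🌐 Creating nginx configuration..."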
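# Create nginx configuration.
# The heredoc delimiter is quoted so nginx variables ($host, $scheme, ...)
# reach the file literally instead of being expanded by the shell.
cat > "$NGINX_CONFIG/littleshop" << 'EOF'
# Rate limiting zones.
# limit_req_zone is only valid in the http context; files under sites-enabled
# are included there, so the zones are declared at file level rather than
# inside a server block (where nginx -t rejects them).
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=webhook:10m rate=5r/s;

server {
    listen 80;
    server_name your-domain.com www.your-domain.com;

    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com www.your-domain.com;

    # SSL Configuration (Replace with your SSL certificates)
    ssl_certificate /etc/ssl/certs/your-domain.crt;
    ssl_certificate_key /etc/ssl/private/your-domain.key;

    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    # Main API
    location / {
        limit_req zone=api burst=20 nodelay;

        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # Webhook endpoint (own zone; note its 5r/s is stricter than the API's 10r/s)
    location /api/orders/payments/webhook {
        limit_req zone=webhook burst=10 nodelay;

        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # TeleBot webhook
    location /api/webhook {
        limit_req zone=webhook burst=10 nodelay;

        proxy_pass http://localhost:5010;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Health checks
    location /health {
        proxy_pass http://localhost:8080;
        access_log off;
    }

    # Static files caching
    # NOTE(review): this location has neither proxy_pass nor root, so matching
    # requests are served from nginx's default root, not from the application.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        # An add_header here stops inheritance of the server-level headers,
        # so the security headers are repeated for static responses.
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    }
}
EOF

echo "🔐 Setting permissions..."
# NOTE(review): the service account owns its own binaries, so a compromised
# service could rewrite them; root-owned, read-only binaries would be tighter
# if the applications do not write into their install directories.
chown -R www-data:www-data "$DEPLOY_DIR"
chmod 755 "$DEPLOY_DIR"
# Application files: 755 as before, but skip the config files so they are
# never opened up to other users, even momentarily.
find "$DEPLOY_DIR/littleshop" "$DEPLOY_DIR/telebot" \
  ! -name 'appsettings.Production.json' -exec chmod 755 {} +
chmod 600 "$DEPLOY_DIR/littleshop/appsettings.Production.json"
chmod 600 "$DEPLOY_DIR/telebot/appsettings.Production.json"
# Database and logs hold customer/order data: no access for other users.
find "$DEPLOY_DIR/data" "$DEPLOY_DIR/logs" -type d -exec chmod 750 {} +
find "$DEPLOY_DIR/data" "$DEPLOY_DIR/logs" -type f -exec chmod 640 {} +

echo "🔄 Reloading systemd and enabling services..."
systemctl daemon-reload
systemctl enable littleshop
systemctl enable telebot

echo "📁 Creating log rotation..."
# copytruncate replaces the former "systemctl reload" postrotate hook: the
# unit files written by this script define no ExecReload=, so a reload would
# fail on every rotation. With copytruncate the services keep their open file
# handles and need no signal.
cat > /etc/logrotate.d/littleshop << 'EOF'
/opt/littleshop/logs/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    copytruncate
}
EOF

echo "✅ Deployment complete!"
cat << EOF

📋 Next Steps:
1. Update configuration files with your production values:
   - $DEPLOY_DIR/littleshop/appsettings.Production.json
   - $DEPLOY_DIR/telebot/appsettings.Production.json
   - $NGINX_CONFIG/littleshop

2. Configure SSL certificates in nginx
3. Enable nginx site: ln -s $NGINX_CONFIG/littleshop /etc/nginx/sites-enabled/
4. Test nginx config: nginx -t
5. Reload nginx: systemctl reload nginx
6. Start services:
   systemctl start littleshop
   systemctl start telebot

7. Check service status:
   systemctl status littleshop
   systemctl status telebot

8. View logs:
   journalctl -u littleshop -f
   journalctl -u telebot -f

🚀 LittleShop is ready for production!
EOF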