VPS setup

2026-03-07 17:33:08 +02:00
parent b30d47c576
commit 82b9cfc8e3
5 changed files with 154 additions and 136 deletions
--- a/scripts/fix-nginx-redirect-loop.md
+++ b/scripts/fix-nginx-redirect-loop.md
@@ -0,0 +1,77 @@
+# Fix 301 redirect loop (Certbot duplicate 443 block)
+
+## Cause
+
+Certbot added a **second** HTTPS server block that only has:
+- `location / { return 301 https://$host$request_uri; }`
+- `listen 443 ssl` + SSL cert paths
+
+That block is matched first for `https://testforapp.website/`, so every request gets 301 → same URL → loop. Your real HTTPS block (frontend, API, phpMyAdmin) is never used for `/`.
+
+## Fix on VPS
+
+1. **Open the site config**
+   ```bash
+   sudo nano /etc/nginx/sites-enabled/testforapp.website
+   ```
+
+2. **Find and remove the Certbot-only HTTPS block**
+
+   Look for a block that looks like this (it may be at the **top** of the file, before the `map` and your big HTTPS server):
+
+   ```nginx
+   server {
+       server_name testforapp.website;
+
+       location /.well-known/acme-challenge/ {
+           root /var/www/certbot;
+       }
+
+       location / {
+           return 301 https://$host$request_uri;
+       }
+
+       listen [::]:443 ssl ipv6only=on; # managed by Certbot
+       listen 443 ssl; # managed by Certbot
+       ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem; # managed by Certbot
+       ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem; # managed by Certbot
+       include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+       ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+   }
+   ```
+
+   **Delete this entire `server { ... }` block** (from `server {` through the closing `}`).
+
+3. **Ensure your main HTTPS block has SSL and listen**
+
+   Find your main HTTPS server (the one with `# HTTPS server`, `root /opt/app/frontend/dist`, all the `location` blocks). It must have at the top of that block (right after `server {`):
+
+   - `listen 443 ssl;` and `listen [::]:443 ssl;`
+   - `ssl_certificate` and `ssl_certificate_key` (and optionally `include /etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam`)
+
+   If those lines are missing, add them (copy from the block you deleted):
+
+   ```nginx
+   server {
+       listen 443 ssl;
+       listen [::]:443 ssl;
+       server_name testforapp.website;
+       ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem;
+       ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem;
+       include /etc/letsencrypt/options-ssl-nginx.conf;
+       ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+       # ... rest of your config (root, locations, etc.)
+   }
+   ```
+
+4. **Test and reload**
+   ```bash
+   sudo nginx -t && sudo systemctl reload nginx
+   ```
+
+5. **Verify**
+   ```bash
+   curl -I -k https://127.0.0.1/ -H "Host: testforapp.website"
+   ```
+   You should see `200 OK` (or `304`) and no `Location` header, and https://testforapp.website/ should load in the browser.
--- a/scripts/rolling-update.sh
+++ b/scripts/rolling-update.sh
@@ -44,39 +44,39 @@ COMPOSE_FILE="${PROJECT_DIR}/docker-compose.prod.yml"
 # Priority: sites-enabled (what Nginx actually loads) > conf.d > custom paths
 NGINX_CONF="${NGINX_CONF:-}"
 if [ -z "$NGINX_CONF" ]; then
-    if [ -f "/etc/nginx/sites-enabled/win-spin.live" ]; then
-        NGINX_CONF="/etc/nginx/sites-enabled/win-spin.live"
+    if [ -f "/etc/nginx/sites-enabled/honey.live" ]; then
+        NGINX_CONF="/etc/nginx/sites-enabled/honey.live"
        log "Using Nginx config: $NGINX_CONF (sites-enabled - active config)"
-    elif [ -f "/etc/nginx/sites-enabled/win-spin.live.conf" ]; then
-        NGINX_CONF="/etc/nginx/sites-enabled/win-spin.live.conf"
+    elif [ -f "/etc/nginx/sites-enabled/honey.live.conf" ]; then
+        NGINX_CONF="/etc/nginx/sites-enabled/honey.live.conf"
        log "Using Nginx config: $NGINX_CONF (sites-enabled - active config)"
    elif [ -f "/etc/nginx/conf.d/honey.conf" ]; then
        NGINX_CONF="/etc/nginx/conf.d/honey.conf"
        log "Using Nginx config: $NGINX_CONF (conf.d)"
-    elif [ -f "/opt/app/nginx/win-spin.live.conf" ]; then
-        warn "Found config at /opt/app/nginx/win-spin.live.conf"
+    elif [ -f "/opt/app/nginx/honey.live.conf" ]; then
+        warn "Found config at /opt/app/nginx/honey.live.conf"
        warn "Checking if it's symlinked to /etc/nginx/sites-enabled/..."
-        if [ -L "/etc/nginx/sites-enabled/win-spin.live" ] || [ -L "/etc/nginx/sites-enabled/win-spin.live.conf" ]; then
+        if [ -L "/etc/nginx/sites-enabled/honey.live" ] || [ -L "/etc/nginx/sites-enabled/honey.live.conf" ]; then
            # Find the actual target
-            local target=$(readlink -f /etc/nginx/sites-enabled/win-spin.live 2>/dev/null || readlink -f /etc/nginx/sites-enabled/win-spin.live.conf 2>/dev/null)
+            local target=$(readlink -f /etc/nginx/sites-enabled/honey.live 2>/dev/null || readlink -f /etc/nginx/sites-enabled/honey.live.conf 2>/dev/null)
            if [ -n "$target" ]; then
                NGINX_CONF="$target"
                log "Using Nginx config: $NGINX_CONF (symlink target)"
            else
-                NGINX_CONF="/opt/app/nginx/win-spin.live.conf"
+                NGINX_CONF="/opt/app/nginx/honey.live.conf"
                warn "Using custom path - will update this file, but you may need to copy to sites-enabled"
            fi
        else
-            NGINX_CONF="/opt/app/nginx/win-spin.live.conf"
+            NGINX_CONF="/opt/app/nginx/honey.live.conf"
            warn "Using custom path - will update this file, but you may need to copy to sites-enabled"
        fi
    else
        error "Cannot find Nginx config file."
        error "Searched:"
-        error "  - /etc/nginx/sites-enabled/win-spin.live"
-        error "  - /etc/nginx/sites-enabled/win-spin.live.conf"
+        error "  - /etc/nginx/sites-enabled/honey.live"
+        error "  - /etc/nginx/sites-enabled/honey.live.conf"
        error "  - /etc/nginx/conf.d/honey.conf"
-        error "  - /opt/app/nginx/win-spin.live.conf"
+        error "  - /opt/app/nginx/honey.live.conf"
        error ""
        error "Please set NGINX_CONF environment variable with the correct path."
        exit 1
--- a/scripts/rolling-update.staged.sh
+++ b/scripts/rolling-update.staged.sh
@@ -44,39 +44,39 @@ COMPOSE_FILE="${PROJECT_DIR}/docker-compose.staged.yml"
 # Priority: sites-enabled (what Nginx actually loads) > conf.d > custom paths
 NGINX_CONF="${NGINX_CONF:-}"
 if [ -z "$NGINX_CONF" ]; then
-    if [ -f "/etc/nginx/sites-enabled/win-spin.live" ]; then
-        NGINX_CONF="/etc/nginx/sites-enabled/win-spin.live"
+    if [ -f "/etc/nginx/sites-enabled/honey.live" ]; then
+        NGINX_CONF="/etc/nginx/sites-enabled/honey.live"
        log "Using Nginx config: $NGINX_CONF (sites-enabled - active config)"
-    elif [ -f "/etc/nginx/sites-enabled/win-spin.live.conf" ]; then
-        NGINX_CONF="/etc/nginx/sites-enabled/win-spin.live.conf"
+    elif [ -f "/etc/nginx/sites-enabled/honey.live.conf" ]; then
+        NGINX_CONF="/etc/nginx/sites-enabled/honey.live.conf"
        log "Using Nginx config: $NGINX_CONF (sites-enabled - active config)"
    elif [ -f "/etc/nginx/conf.d/honey.conf" ]; then
        NGINX_CONF="/etc/nginx/conf.d/honey.conf"
        log "Using Nginx config: $NGINX_CONF (conf.d)"
-    elif [ -f "/opt/app/nginx/win-spin.live.conf" ]; then
-        warn "Found config at /opt/app/nginx/win-spin.live.conf"
+    elif [ -f "/opt/app/nginx/honey.live.conf" ]; then
+        warn "Found config at /opt/app/nginx/honey.live.conf"
        warn "Checking if it's symlinked to /etc/nginx/sites-enabled/..."
-        if [ -L "/etc/nginx/sites-enabled/win-spin.live" ] || [ -L "/etc/nginx/sites-enabled/win-spin.live.conf" ]; then
+        if [ -L "/etc/nginx/sites-enabled/honey.live" ] || [ -L "/etc/nginx/sites-enabled/honey.live.conf" ]; then
            # Find the actual target
-            local target=$(readlink -f /etc/nginx/sites-enabled/win-spin.live 2>/dev/null || readlink -f /etc/nginx/sites-enabled/win-spin.live.conf 2>/dev/null)
+            local target=$(readlink -f /etc/nginx/sites-enabled/honey.live 2>/dev/null || readlink -f /etc/nginx/sites-enabled/honey.live.conf 2>/dev/null)
            if [ -n "$target" ]; then
                NGINX_CONF="$target"
                log "Using Nginx config: $NGINX_CONF (symlink target)"
            else
-                NGINX_CONF="/opt/app/nginx/win-spin.live.conf"
+                NGINX_CONF="/opt/app/nginx/honey.live.conf"
                warn "Using custom path - will update this file, but you may need to copy to sites-enabled"
            fi
        else
-            NGINX_CONF="/opt/app/nginx/win-spin.live.conf"
+            NGINX_CONF="/opt/app/nginx/honey.live.conf"
            warn "Using custom path - will update this file, but you may need to copy to sites-enabled"
        fi
    else
        error "Cannot find Nginx config file."
        error "Searched:"
-        error "  - /etc/nginx/sites-enabled/win-spin.live"
-        error "  - /etc/nginx/sites-enabled/win-spin.live.conf"
+        error "  - /etc/nginx/sites-enabled/honey.live"
+        error "  - /etc/nginx/sites-enabled/honey.live.conf"
        error "  - /etc/nginx/conf.d/honey.conf"
-        error "  - /opt/app/nginx/win-spin.live.conf"
+        error "  - /opt/app/nginx/honey.live.conf"
        error ""
        error "Please set NGINX_CONF environment variable with the correct path."
        exit 1