hhf/authentik_ngx_cloudpanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
authentik_ngx_cloudpanel/authentik-install.sh
hhf 4a8678f2b2 Add authentik-install.sh
2024-12-12 22:07:57 +05:30

388 lines
No EOL
12 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# Script to install Docker and Authentik with verification and redeployment capabilities
# Must be run with root privileges
# Error handling
set -e
trap 'echo "Error on line $LINENO. Exit code: $?"' ERR
# Configuration
INSTALL_DIR="/docker/authentik"
COMPOSE_FILE="${INSTALL_DIR}/docker-compose.yml"
LOG_FILE="/var/log/authentik-install.log"
CONTAINER_NAME="authentik"
POSTGRES_PASSWORD=$(openssl rand -base64 32)
SECRET_KEY=$(openssl rand -base64 32)
ADMIN_PASSWORD=$(openssl rand -base64 12)
ADMIN_TOKEN=$(openssl rand -hex 32)
ADMIN_EMAIL="admin@example.com" # Default value, can be overridden
# Utility functions
check_port_availability() {
local port=$1
if lsof -i ":$port" >/dev/null 2>&1; then
local process_info=$(lsof -i ":$port" | tail -n 1)
local pid=$(echo "$process_info" | awk '{print $2}')
local process_name=$(echo "$process_info" | awk '{print $1}')
log_message "⚠ Error: Port $port is already in use by process $process_name (PID: $pid)"
return 1
fi
return 0
}
check_required_ports() {
local required_ports=(9000 9443)
local ports_in_use=()
for port in "${required_ports[@]}"; do
if ! check_port_availability "$port"; then
ports_in_use+=($port)
fi
done
if [ ${#ports_in_use[@]} -ne 0 ]; then
log_message "The following required ports are already in use: ${ports_in_use[*]}"
log_message "Please free these ports before proceeding with the installation."
return 1
fi
log_message "✓ All required ports are available"
return 0
}
log_message() {
local message="[$(date '+%Y-%m-%d %H:%M:%S')] $1"
echo "$message"
echo "$message" >> "$LOG_FILE"
}
show_container_status() {
log_message "Current container status:"
echo "----------------------------------------"
docker compose ps --format "table {{.Name}}\t{{.Status}}\t{{.Ports}}"
echo "----------------------------------------"
}
check_service_status() {
local max_attempts=10
local attempt=1
local delay=30
while [ $attempt -le $max_attempts ]; do
log_message "Checking services (attempt $attempt/$max_attempts)..."
local all_services_running=true
local services=("server" "worker" "postgresql" "redis")
local failed_services=()
# Check each service
for service in "${services[@]}"; do
local container_name="authentik-${service}-1"
# Check if container exists and is running
if ! docker ps -q -f name="$container_name" >/dev/null 2>&1; then
failed_services+=("$service")
all_services_running=false
continue
fi
# Check container status
local status=$(docker inspect -f '{{.State.Status}}' "$container_name" 2>/dev/null)
if [ "$status" != "running" ]; then
failed_services+=("$service")
all_services_running=false
fi
done
if [ "$all_services_running" = true ]; then
# All containers are running, now check if server is responding
log_message "All containers are running, checking web interface..."
# Give the web interface a few attempts to respond
for i in {1..3}; do
if curl -sf http://localhost:9000 >/dev/null 2>&1; then
log_message "Web interface is responding"
return 0
fi
sleep 10
done
fi
if [ $attempt -lt $max_attempts ]; then
if [ ${#failed_services[@]} -ne 0 ]; then
log_message "Services still initializing: ${failed_services[*]}"
else
log_message "Waiting for web interface to become available..."
fi
sleep $delay
fi
attempt=$((attempt + 1))
done
if [ ${#failed_services[@]} -ne 0 ]; then
log_message "The following services failed to start: ${failed_services[*]}"
else
log_message "Web interface failed to respond"
fi
return 1
}
verify_installation() {
log_message "Verifying Authentik installation..."
if ! check_service_status; then
log_message "Authentik services are not running properly"
return 1
fi
log_message "Authentik services are running properly"
return 0
}
check_docker_version() {
local current_version=$(docker --version | cut -d ' ' -f3 | cut -d ',' -f1)
log_message "Current Docker version: $current_version"
apt-get update >/dev/null 2>&1
local available_version=$(apt-cache policy docker-ce | grep Candidate | cut -d ' ' -f4)
if [ "$current_version" != "$available_version" ]; then
log_message "New Docker version available: $available_version"
read -p "Do you want to upgrade Docker? (y/N) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
apt-get install -y docker-ce docker-ce-cli containerd.io
fi
fi
}
redeploy_service() {
log_message "Redeploying Authentik..."
cd "$INSTALL_DIR"
docker compose down
docker compose up -d
local retries=0
while ! check_service_status && [ $retries -lt 5 ]; do
log_message "Waiting for Authentik to become healthy..."
sleep 30
retries=$((retries + 1))
done
if [ $retries -eq 5 ]; then
log_message "Failed to redeploy Authentik after 5 attempts"
return 1
fi
log_message "Authentik redeployed successfully"
return 0
}
backup_existing_data() {
if [ -d "$INSTALL_DIR" ]; then
local backup_dir="${INSTALL_DIR}_backup_$(date +%Y%m%d_%H%M%S)"
log_message "Creating backup of existing installation at $backup_dir"
cp -r "$INSTALL_DIR" "$backup_dir"
fi
}
check_existing_installation() {
log_message "Checking existing Authentik installation..."
if [ -f "$COMPOSE_FILE" ]; then
log_message "Existing installation found"
show_container_status
if verify_installation; then
log_message "✓ Authentik is running correctly"
log_message "✓ Authentik is accessible at http://localhost:9000"
return 0
else
log_message "⚠ Service issues detected. Starting recovery process..."
return 1
fi
fi
return 1
}
# Main script execution starts here
# Check if script is run as root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
# Initialize log file
mkdir -p "$(dirname "$LOG_FILE")"
touch "$LOG_FILE"
log_message "Starting Authentik installation/verification script"
# Check if Docker is installed
if ! command -v docker &> /dev/null; then
log_message "Docker not found. Installing Docker..."
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
apt-get update
apt-get install -y docker-compose-plugin
log_message "Docker installed successfully"
else
log_message "Docker already installed"
check_docker_version
fi
# Check existing installation or proceed with new installation
if check_existing_installation; then
exit 0
else
if [ -f "$COMPOSE_FILE" ]; then
# Attempt to recover existing installation
backup_existing_data
if ! redeploy_service; then
log_message "Failed to redeploy Authentik. Manual intervention may be required."
exit 1
fi
else
# New installation
log_message "Starting new Authentik installation"
# Create installation directory
mkdir -p "$INSTALL_DIR"
cd "$INSTALL_DIR"
# Check if required ports are available
if ! check_required_ports; then
log_message "⚠ Port conflict detected. Please resolve the conflicts and run the script again."
exit 1
fi
# Create docker-compose.yml
cat > docker-compose.yml <<EOF
version: "3.4"
services:
postgresql:
image: docker.io/library/postgres:12
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d authentik -U authentik"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_USER: authentik
POSTGRES_DB: authentik
networks:
- authentik
redis:
image: docker.io/library/redis:alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
networks:
- authentik
server:
image: ghcr.io/goauthentik/server:latest
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
AUTHENTIK_SECRET_KEY: ${SECRET_KEY}
AUTHENTIK_BOOTSTRAP_PASSWORD: ${ADMIN_PASSWORD}
AUTHENTIK_BOOTSTRAP_TOKEN: ${ADMIN_TOKEN}
AUTHENTIK_BOOTSTRAP_EMAIL: ${ADMIN_EMAIL}
volumes:
- ./media:/media
- ./custom-templates:/templates
ports:
- "9000:9000"
- "9443:9443"
networks:
- authentik
depends_on:
- postgresql
- redis
worker:
image: ghcr.io/goauthentik/server:latest
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
AUTHENTIK_SECRET_KEY: ${SECRET_KEY}
volumes:
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
networks:
- authentik
depends_on:
- postgresql
- redis
networks:
authentik:
name: authentik
volumes:
database:
name: authentik_database
EOF
# Create required directories
mkdir -p media custom-templates certs
chmod 777 media custom-templates certs
# Start services
log_message "Starting Authentik services..."
docker compose up -d
# Give services time to initialize
log_message "Waiting for services to initialize (this may take several minutes)..."
log_message "Initial database setup and migrations may take some time on first run..."
sleep 60 # Give more initial time for first database setup
# Verify installation
if verify_installation; then
log_message "✓ Installation completed successfully!"
show_container_status
log_message "Important next steps:"
log_message "1. Access Authentik at http://localhost:9000"
log_message "2. Store these credentials safely:"
log_message " Admin Email: ${ADMIN_EMAIL}"
log_message " Admin Password: ${ADMIN_PASSWORD}"
log_message " Admin API Token: ${ADMIN_TOKEN}"
log_message " PostgreSQL Password: ${POSTGRES_PASSWORD}"
log_message " Secret Key: ${SECRET_KEY}"
log_message "4. Set up a reverse proxy in CloudPanel"
log_message "5. Create SSL certificate for your domain"
else
log_message "Installation completed but services are not running properly"
log_message "Please check the logs and try redeploying the services"
exit 1
fi
fi
fi
Reference in a new issue View git blame Copy permalink