Bash script to remove and setup nginx, and then configure two sites - one FastAPI app, and one Streamlit app, on different sub-domains of denkers.co

setup_nginx_and_configure_sites.sh

#!/bin/bash
# File: ~/src/setup_nginx_and_services.sh

set -e  # Exit immediately if a command exits with a non-zero status

# Variables
DOMAIN_DASHBOARD="dashboard.denkers.co"
DOMAIN_API="api.denkers.co"
NGINX_CONF="/etc/nginx/sites-available/denkers.co"
SYSTEMD_DIR="/etc/systemd/system"
STREAMLIT_WORKDIR="/home/ubuntu/src/dashboard"
FASTAPI_WORKDIR="/home/ubuntu/src/queue"
EMAIL="[email protected]"

echo "=========================================="
echo " 1️⃣  Removing old Nginx and cleaning up"
echo "=========================================="

# Remove Nginx and Certbot
sudo apt-get purge -y nginx nginx-common || true
sudo apt-get autoremove -y
sudo rm -rf /etc/nginx /etc/letsencrypt /var/log/nginx
sudo systemctl stop nginx || true

echo "=========================================="
echo " 2️⃣  Reinstalling Nginx and Certbot"
echo "=========================================="

# Reinstall Nginx, Certbot, and dependencies
sudo apt-get update
sudo apt-get install -y nginx certbot python3-certbot-nginx python3-pip

echo "=========================================="
echo " 3️⃣  Setting up directory structure"
echo "=========================================="

# Create directories for Streamlit and FastAPI apps
sudo mkdir -p $STREAMLIT_WORKDIR
sudo mkdir -p $FASTAPI_WORKDIR

# Create directories for self-signed certificates
sudo mkdir -p /etc/ssl/certs /etc/ssl/private

echo "=========================================="
echo " 4️⃣  Generating self-signed SSL certificates"
echo "=========================================="

# Generate self-signed SSL certificates for dashboard and api
sudo openssl req -x509 -newkey rsa:4096 -days 365 -nodes \
    -keyout /etc/ssl/private/selfsigned.key \
    -out /etc/ssl/certs/selfsigned.crt \
    -subj "/CN=localhost"

echo "=========================================="
echo " 5️⃣  Writing Nginx configuration"
echo "=========================================="

# Write the Nginx configuration file
sudo tee /etc/nginx/sites-available/denkers.co > /dev/null <<EOL
server {
    listen 80;
    server_name dashboard.denkers.co api.denkers.co;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name $DOMAIN_DASHBOARD;

    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/selfsigned.key;

    location / {
        proxy_pass http://127.0.0.1:8501;
    }

    client_max_body_size 10M;
}

server {
    listen 443 ssl;
    server_name $DOMAIN_API;

    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/selfsigned.key;

    location / {
        proxy_pass http://127.0.0.1:8000;
    }

    client_max_body_size 50M;
}
EOL

echo "=========================================="
echo " 6️⃣  Enabling Nginx configuration"
echo "=========================================="

# Create symbolic link to enable the configuration
if [ ! -f /etc/nginx/sites-enabled/denkers.co ]; then
    sudo ln -s /etc/nginx/sites-available/denkers.co /etc/nginx/sites-enabled/
fi

# Test Nginx configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

echo "=========================================="
echo " 7️⃣  Obtaining real SSL certificates with Certbot"
echo "=========================================="

# Obtain real SSL certificates
sudo certbot --nginx -d $DOMAIN_DASHBOARD -d $DOMAIN_API --non-interactive --agree-tos -m $EMAIL

echo "=========================================="
echo " 8️⃣  Reloading Nginx with real certificates"
echo "=========================================="

# Restart Nginx to use the new certificates
sudo systemctl reload nginx

echo "=========================================="
echo " 9️⃣  Writing systemd services for Streamlit and FastAPI"
echo "=========================================="

# Write systemd service for Streamlit
sudo tee $SYSTEMD_DIR/streamlit.service > /dev/null <<EOL
[Unit]
Description=Streamlit Application
After=network.target

[Service]
User=ubuntu
WorkingDirectory=$STREAMLIT_WORKDIR
ExecStart=/usr/bin/streamlit run main.py --server.port 8501
Restart=always

[Install]
WantedBy=multi-user.target
EOL

# Write systemd service for FastAPI
sudo tee $SYSTEMD_DIR/fastapi.service > /dev/null <<EOL
[Unit]
Description=FastAPI Application
After=network.target

[Service]
User=ubuntu
WorkingDirectory=$FASTAPI_WORKDIR
ExecStart=/usr/bin/uvicorn main:app --host 0.0.0.0 --port 8000 --reload
Restart=always

[Install]
WantedBy=multi-user.target
EOL

echo "=========================================="
echo " 🔄 Reloading systemd and enabling services"
echo "=========================================="

# Reload systemd and enable the services
sudo systemctl daemon-reload
sudo systemctl enable streamlit.service
sudo systemctl enable fastapi.service

# Start services
sudo systemctl start streamlit.service
sudo systemctl start fastapi.service

echo "=========================================="
echo " 🎉 Setup Complete!"
echo "=========================================="
echo "Streamlit is live at https://$DOMAIN_DASHBOARD"
echo "FastAPI is live at https://$DOMAIN_API"