@rameerez
Last active July 29, 2024 01:48
Set up a production Umami instance on a previously Docker-configured Ubuntu Server machine
#!/bin/bash
# Production-Ready Umami Setup Script
# This script sets up Umami with Docker Compose, Nginx reverse proxy, and automatic SSL
set -euo pipefail
# Function to generate a secure random password
generate_password() {
    openssl rand -base64 32 | tr -d /=+ | cut -c -32
}
# Function to prompt for domain name
get_domain_name() {
    # -r keeps backslashes in the input literal
    read -r -p "Enter the domain name for Umami (e.g., analytics.example.com): " DOMAIN_NAME
    if [ -z "$DOMAIN_NAME" ]; then
        echo "Domain name cannot be empty. Please try again."
        get_domain_name
    fi
}
# Get domain name
get_domain_name
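# Create directory for Umami and hand it to the invoking user, so the files
# below can be written without sudo
sudo mkdir -p /opt/umami
sudo chown "$(id -u):$(id -g)" /opt/umami
cd /opt/umami
# Generate a secure random password
DB_PASSWORD=$(generate_password)
# Create a .env file to store the password and domain.
# The file is created with mode 600 first, so the password is never world-readable.
install -m 600 /dev/null .env
cat << EOF > .env
DB_PASSWORD=$DB_PASSWORD
DOMAIN_NAME=$DOMAIN_NAME
EOF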
# Create docker-compose.yml file.
# The heredoc delimiter is quoted so ${DB_PASSWORD} stays a literal placeholder:
# Compose resolves it from .env at startup and the password is not copied here.
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
  umami:
    image: docker.umami.is/umami-software/umami:postgresql-latest
    container_name: umami
    ports:
      # Published on loopback only; Nginx is the sole public entry point
      - "127.0.0.1:3000:3000"
    environment:
      DATABASE_URL: postgres://umami:${DB_PASSWORD}@db:5432/umami
      NODE_ENV: production
    depends_on:
      - db
    restart: always
    networks:
      - umami_network
  db:
    image: postgres:13
    container_name: umami_db
    environment:
      POSTGRES_DB: umami
      POSTGRES_USER: umami
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - /opt/umami/postgres-data:/var/lib/postgresql/data
    restart: always
    networks:
      - umami_network
volumes:
  postgres-data:
    driver: local
networks:
  umami_network:
    name: umami_network
EOF
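# Create update script.
# docker-compose is called by absolute path (the same one the systemd unit below
# uses) because cron's default PATH does not include /usr/local/bin.
cat << 'EOF' > update-umami.sh
#!/bin/bash
cd /opt/umami || exit 1
/usr/local/bin/docker-compose pull
/usr/local/bin/docker-compose up -d
EOF
chmod +x update-umami.sh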
# Set up cron job for updates
(crontab -l 2>/dev/null; echo "0 2 * * * /opt/umami/update-umami.sh") | crontab -
# Install Nginx and Certbot
sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx
# Create Nginx configuration
sudo tee /etc/nginx/sites-available/umami > /dev/null << EOF
server {
    server_name ${DOMAIN_NAME};
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
    listen 80;
}
EOF
# Enable the Nginx site
sudo ln -sf /etc/nginx/sites-available/umami /etc/nginx/sites-enabled/
# Test Nginx configuration
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginx
# Obtain SSL certificate
sudo certbot --nginx -d "${DOMAIN_NAME}" --non-interactive --agree-tos --email "admin@${DOMAIN_NAME}" --redirect
# Create systemd service file
sudo tee /etc/systemd/system/umami.service > /dev/null << EOF
[Unit]
Description=Umami Docker Compose Application
Requires=docker.service
After=docker.service
[Service]
WorkingDirectory=/opt/umami
ExecStart=/usr/local/bin/docker-compose up
ExecStop=/usr/local/bin/docker-compose down
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# Reload systemd, enable and start Umami service
sudo systemctl daemon-reload
sudo systemctl enable umami.service
sudo systemctl start umami.service
# Set up automatic renewal for SSL certificate
sudo tee /etc/cron.d/certbot-renew > /dev/null << EOF
0 0,12 * * * root certbot renew --quiet --post-hook "systemctl reload nginx"
EOF
echo "Umami setup complete. The service has been started and is accessible at https://${DOMAIN_NAME}"
echo "A secure random password has been generated and stored in /opt/umami/.env"
echo "Please make sure to keep this password safe and secure."
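
Added example, not part of the original gist: the script writes `DOMAIN_NAME` as typed into the Nginx server block (as root) and onto the certbot command line, checking only that it is non-empty. The functions below, whose names `is_valid_domain` and `read_domain_name` are hypothetical, accept only a plain multi-label DNS hostname and re-prompt otherwise.

```bash
#!/bin/bash
# Added example, not from the original gist. Function names are hypothetical.

# is_valid_domain NAME: status 0 only for a plain multi-label DNS hostname.
is_valid_domain() {
    local name label rest LC_ALL
    LC_ALL=C            # byte-wise ranges in the patterns below
    name=$1
    # A DNS name is at most 253 characters long.
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        # Anything but letters, digits, '.' and '-' is rejected; that covers
        # whitespace, ';', '{', '}', '$' and quotes, which carry meaning in
        # an Nginx config or on a command line.
        *[!A-Za-z0-9.-]*) return 1 ;;
        .*|*.|*..*) return 1 ;;   # empty label
        *.*) ;;                   # at least two labels
        *) return 1 ;;
    esac
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1           # label length limit
        case $label in -*|*-) return 1 ;; esac       # no leading/trailing '-'
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    return 0
}

# read_domain_name: prompt on stderr until stdin yields a valid name.
# Sets DOMAIN_NAME; returns 1 if input ends first.
read_domain_name() {
    while :; do
        printf 'Enter the domain name for Umami (e.g., analytics.example.com): ' >&2
        IFS= read -r DOMAIN_NAME || return 1
        is_valid_domain "$DOMAIN_NAME" && return 0
        echo "Not a valid hostname. Please try again." >&2
    done
}
```

Calling `read_domain_name` in place of `get_domain_name` keeps the rest of the script unchanged, since both set `DOMAIN_NAME`.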