Set up a production Umami instance on a previously Docker-configured Ubuntu Server machine
#!/bin/bash
# Production-ready Umami setup script.
#
# Sets up Umami with Docker Compose, an Nginx reverse proxy and automatic SSL.
# System-level steps are run through sudo.

# Fail fast: stop on a failing command, on use of an unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail
#######################################
# Print a random alphanumeric secret on stdout.
# 32 random bytes are base64-encoded, the non-alphanumeric base64
# symbols (/, = and +) are deleted, and the result is cut to at most
# 32 characters, so the value needs no escaping in URLs or env files.
# Outputs: the secret followed by a newline
#######################################
generate_password() {
  openssl rand -base64 32 \
    | tr -d '/=+' \
    | cut -c 1-32
}
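#######################################
# Prompt until the operator enters a syntactically valid host name.
# The value is later written into the Nginx site file and passed to
# certbot, so only DNS host-name syntax is accepted: dot-separated
# labels of letters, digits and hyphens, at most 253 characters.
# Globals:   DOMAIN_NAME (written)
# Returns:   0 once a valid name is stored, 1 if input ends first
#######################################
get_domain_name() {
  local hostname_re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
  local candidate

  # Loop instead of recursing so repeated bad input cannot grow the stack.
  while true; do
    candidate=""
    # -r keeps backslashes literal; read still trims surrounding whitespace.
    if ! read -r -p "Enter the domain name for Umami (e.g., analytics.example.com): " candidate \
      && [[ -z "$candidate" ]]; then
      echo "No domain name provided (end of input)." >&2
      return 1
    fi

    if [[ -z "$candidate" ]]; then
      echo "Domain name cannot be empty. Please try again." >&2
      continue
    fi

    if (( ${#candidate} > 253 )) || [[ ! "$candidate" =~ $hostname_re ]]; then
      echo "Not a valid domain name. Use only letters, digits, hyphens and dots. Please try again." >&2
      continue
    fi

    DOMAIN_NAME=$candidate
    return 0
  done
}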
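# Get domain name
get_domain_name

# The name is templated into a root-owned Nginx file and a certbot
# command line below; refuse anything that is not host-name characters.
case "$DOMAIN_NAME" in
  "" | *[!A-Za-z0-9.-]*)
    echo "Refusing to continue: '$DOMAIN_NAME' is not a plain host name." >&2
    exit 1
    ;;
esac

# Create directory for Umami. The files below are written without sudo,
# so the directory must belong to the invoking user (a root-owned
# directory would make the first redirect fail for a non-root operator).
sudo mkdir -p /opt/umami
sudo chown "$(id -un):$(id -gn)" /opt/umami
cd /opt/umami

# Reuse the database password from a previous run if there is one: the
# Postgres data directory keeps the password it was initialised with, so
# generating a new one on re-run would lock Umami out of its database.
DB_PASSWORD=""
if [[ -f .env ]]; then
  DB_PASSWORD=$(awk '/^DB_PASSWORD=/ { print substr($0, index($0, "=") + 1); exit }' .env)
fi
if [[ -z "$DB_PASSWORD" ]]; then
  DB_PASSWORD=$(generate_password)
fi

# Create a .env file to store the password and domain.
# It holds the only copy of the secret, so keep it owner-readable only.
(
  umask 077
  cat > .env << EOF
DB_PASSWORD=$DB_PASSWORD
DOMAIN_NAME=$DOMAIN_NAME
EOF
)
chmod 600 .env

# Create docker-compose.yml file.
# The heredoc delimiter is quoted so ${DB_PASSWORD} stays a placeholder
# that Compose resolves from .env at run time, instead of the secret
# being copied in clear text into a second, world-readable file.
# NOTE(review): the Umami image uses a moving "latest" tag and the
# nightly cron job below pulls it unattended, so whatever the registry
# serves under that tag is deployed without review. Pin a version or
# digest if you need change control.
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
  umami:
    image: docker.umami.is/umami-software/umami:postgresql-latest
    container_name: umami
    ports:
      - "127.0.0.1:3000:3000"
    environment:
      DATABASE_URL: postgres://umami:${DB_PASSWORD}@db:5432/umami
      NODE_ENV: production
    depends_on:
      - db
    restart: always
    networks:
      - umami_network
  db:
    image: postgres:13
    container_name: umami_db
    environment:
      POSTGRES_DB: umami
      POSTGRES_USER: umami
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - /opt/umami/postgres-data:/var/lib/postgresql/data
    restart: always
    networks:
      - umami_network
volumes:
  postgres-data:
    driver: local
networks:
  umami_network:
    name: umami_network
EOF

# Create update script.
# cron runs jobs with a minimal PATH, so the script sets one that
# includes /usr/local/bin, where the systemd unit below expects
# docker-compose to live.
cat << 'EOF' > update-umami.sh
#!/bin/bash
set -euo pipefail
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
cd /opt/umami
docker-compose pull
docker-compose up -d
EOF
chmod +x update-umami.sh

# Set up cron job for updates.
# "crontab -l" exits non-zero when the user has no crontab yet; under
# errexit/pipefail that used to abort the script, hence the "|| true".
# Any earlier copy of the entry is filtered out so re-runs do not
# accumulate duplicates.
update_cron_entry="0 2 * * * /opt/umami/update-umami.sh"
{
  crontab -l 2> /dev/null | grep -vF -- "/opt/umami/update-umami.sh" || true
  printf '%s\n' "$update_cron_entry"
} | crontab -

# Install Nginx and Certbot
sudo apt-get update
sudo apt-get install -y nginx certbot python3-certbot-nginx

# Create Nginx configuration (Umami itself only listens on loopback)
sudo tee /etc/nginx/sites-available/umami > /dev/null << EOF
server {
    server_name ${DOMAIN_NAME};

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    listen 80;
}
EOF

# Enable the Nginx site
sudo ln -sf /etc/nginx/sites-available/umami /etc/nginx/sites-enabled/

# Test Nginx configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

# Obtain SSL certificate.
# Expiry and security notices go to the registration address; set
# CERTBOT_EMAIL to a monitored mailbox, otherwise admin@<domain> is used.
sudo certbot --nginx -d "${DOMAIN_NAME}" --non-interactive --agree-tos \
  --email "${CERTBOT_EMAIL:-admin@${DOMAIN_NAME}}" --redirect

# Create systemd service file
sudo tee /etc/systemd/system/umami.service > /dev/null << 'EOF'
[Unit]
Description=Umami Docker Compose Application
Requires=docker.service
After=docker.service

[Service]
WorkingDirectory=/opt/umami
ExecStart=/usr/local/bin/docker-compose up
ExecStop=/usr/local/bin/docker-compose down
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Reload systemd, enable and start Umami service
sudo systemctl daemon-reload
sudo systemctl enable umami.service
sudo systemctl start umami.service

# Set up automatic renewal for SSL certificate.
# NOTE(review): the distribution's certbot package may already schedule
# renewals on its own; confirm this extra job is wanted.
sudo tee /etc/cron.d/certbot-renew > /dev/null << 'EOF'
0 0,12 * * * root certbot renew --quiet --post-hook "systemctl reload nginx"
EOF

echo "Umami setup complete. The service has been started and is accessible at https://${DOMAIN_NAME}"
echo "A secure random password has been generated and stored in /opt/umami/.env"
echo "Please make sure to keep this password safe and secure."
echo "Umami ships with a default admin login: sign in and change its password before sharing the URL."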