diff --git a/.env.example b/.env.example index baccc3a..57252c7 100644 --- a/.env.example +++ b/.env.example @@ -1,14 +1,14 @@ # Registry -REGISTRY=registry.yourdomain.com +REGISTRY=registry.bonamin.gr VERSION=1.0.0 -# Backend runtime secrets (get SITE_ID and SITE_KEY from sysadmin panel) +# Backend runtime secrets (get SITE_ID and SITE_KEY from the sysadmin panel) SITE_ID=your-site-id SITE_KEY=your-site-key -CLOUD_URL=https://api.yourdomain.com +CLOUD_URL=https://xenia-admin.bonamin.gr SECRET_KEY=generate-with-openssl-rand-hex-32 LICENSE_GRACE_HOURS=24 -# Volumes — absolute paths recommended on client machines -DATA_PATH=/home/user/appdata/pos/data -LOGO_PATH=/home/user/appdata/pos/logo.png +# Volumes — absolute paths on the client machine +DATA_PATH=/opt/xenia/data +LOGO_PATH=/opt/xenia/logo.png diff --git a/install.sh b/install.sh index ef6850b..55a41ae 100644 --- a/install.sh +++ b/install.sh @@ -1,6 +1,6 @@ #!/bin/bash # Xenia POS — first-time install script -# Run this on the server machine before starting the stack. +# Run this on the client machine before starting the stack. # Usage: bash install.sh set -e 
@@ -11,13 +11,48 @@ echo "=== Xenia POS Install ===" echo "" # ── 1. Create required directories ─────────────────────────────────────────── -echo "[ 1/4 ] Creating directories..." +echo "[ 1/5 ] Creating directories..." mkdir -p "$SCRIPT_DIR/data" mkdir -p "$SCRIPT_DIR/certs" mkdir -p "$SCRIPT_DIR/nginx-proxy" +mkdir -p /opt/xenia/data +touch /opt/xenia/logo.png 2>/dev/null || true -# ── 2. Write nginx-proxy/nginx.conf ────────────────────────────────────────── -echo "[ 2/4 ] Writing nginx proxy config..." +# ── 2. Create .env from .env.example if missing ─────────────────────────────── +echo "[ 2/5 ] Configuring environment..." + +if [ ! -f "$SCRIPT_DIR/.env" ]; then + cp "$SCRIPT_DIR/.env.example" "$SCRIPT_DIR/.env" + echo "" + echo " A .env file has been created from .env.example." + echo " You must fill in SITE_ID, SITE_KEY, and SECRET_KEY before starting." + echo "" + echo " Get SITE_ID and SITE_KEY from: https://xenia-admin.bonamin.gr" + echo " Generate SECRET_KEY with: openssl rand -hex 32" + echo "" + + read -rp " Enter SITE_ID: " INPUT_SITE_ID + read -rp " Enter SITE_KEY: " INPUT_SITE_KEY + read -rp " Enter SECRET_KEY (leave blank to auto-generate): " INPUT_SECRET_KEY + + if [ -z "$INPUT_SECRET_KEY" ]; then + INPUT_SECRET_KEY=$(openssl rand -hex 32) + echo " Generated SECRET_KEY: $INPUT_SECRET_KEY" + fi + + sed -i "s/^SITE_ID=.*/SITE_ID=${INPUT_SITE_ID}/" "$SCRIPT_DIR/.env" + sed -i "s/^SITE_KEY=.*/SITE_KEY=${INPUT_SITE_KEY}/" "$SCRIPT_DIR/.env" + sed -i "s/^SECRET_KEY=.*/SECRET_KEY=${INPUT_SECRET_KEY}/" "$SCRIPT_DIR/.env" + + echo "" + echo " .env written. Review it at: $SCRIPT_DIR/.env" + echo "" +else + echo " .env already exists — skipping." +fi + +# ── 3. Write nginx-proxy/nginx.conf ────────────────────────────────────────── +echo "[ 3/5 ] Writing nginx proxy config..." cat > "$SCRIPT_DIR/nginx-proxy/nginx.conf" << 'EOF' server { listen 80; 
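Review bot: The new step 2 handles SITE_KEY and SECRET_KEY unsafely in several places: `read -rp` echoes them as typed, the generated SECRET_KEY is printed to the terminal, and `.env` is created by `cp` under the default umask, so the secrets are likely readable by other local users. The values are also spliced into `sed -i "s/^SITE_KEY=.*/SITE_KEY=${INPUT_SITE_KEY}/"`, where a `/`, `&` or backslash in a key is parsed as sed syntax and corrupts or aborts the write, and the secrets end up in sed's argv. Because `cp` runs before the prompts, an interrupted or non-interactive run (a failed `read` under `set -e`) leaves a `.env` holding the public placeholder `SECRET_KEY=generate-with-openssl-rand-hex-32`, and the next run skips this step. I would prompt with `read -rs`, reject empty SITE_ID/SITE_KEY, and only then write the file under `umask 077` with `printf`, as below.

```shell
if [ ! -f "$SCRIPT_DIR/.env" ]; then
    # … unchanged: instructions printed to the operator (without the cp) …

    read -rp  "  Enter SITE_ID: " INPUT_SITE_ID
    read -rsp "  Enter SITE_KEY: " INPUT_SITE_KEY; echo ""
    read -rsp "  Enter SECRET_KEY (leave blank to auto-generate): " INPUT_SECRET_KEY; echo ""

    if [ -z "$INPUT_SITE_ID" ] || [ -z "$INPUT_SITE_KEY" ]; then
        echo "  SITE_ID and SITE_KEY are required; .env was not created." >&2
        exit 1
    fi
    if [ -z "$INPUT_SECRET_KEY" ]; then
        INPUT_SECRET_KEY=$(openssl rand -hex 32)
        echo "  Generated a new SECRET_KEY (stored in .env, not displayed)."
    fi

    # Create .env owner-only, and only once all values are known; printf is a
    # builtin, so the secrets never pass through sed or a process argv.
    (
        umask 077
        grep -Ev '^(SITE_ID|SITE_KEY|SECRET_KEY)=' "$SCRIPT_DIR/.env.example" > "$SCRIPT_DIR/.env"
        printf 'SITE_ID=%s\nSITE_KEY=%s\nSECRET_KEY=%s\n' \
            "$INPUT_SITE_ID" "$INPUT_SITE_KEY" "$INPUT_SECRET_KEY" >> "$SCRIPT_DIR/.env"
    )
    # … unchanged: ".env written" message and the else branch …
```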
@@ -26,7 +61,7 @@ server { server { listen 443 ssl; - server_name _; + server_name waiter.*; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; @@ -43,8 +78,8 @@ server { } server { - listen 4443 ssl; - server_name _; + listen 443 ssl; + server_name manager.*; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; 
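Review bot: Moving the manager server from `listen 4443 ssl` to `listen 443 ssl` with `server_name manager.*` removes the only network-level separation between the manager and waiter front ends, since any client that can reach port 443 now selects the manager vhost by host name alone. If port 4443 was firewalled or limited to a back-office network (not visible in this diff), that restriction silently stops applying; consider `allow <back-office-cidr>; deny all;` inside the manager `server` block, or state in the install notes that access control is left entirely to the application. `waiter.*` and `manager.*` also match any domain with that first label, so pinning them to the site's real names once known would be tighter. Both server blocks begin and end outside these two hunks.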
@@ -59,39 +94,69 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } } + +server { + listen 443 ssl default_server; + + ssl_certificate /etc/nginx/certs/cert.pem; + ssl_certificate_key /etc/nginx/certs/key.pem; + + location /api/ { + proxy_pass http://backend:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location / { + proxy_pass http://waiter_pwa:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} EOF -# ── 3. SSL certificates ─────────────────────────────────────────────────────── -echo "[ 3/4 ] Setting up SSL certificates..." +# ── 4. SSL certificates ─────────────────────────────────────────────────────── +echo "[ 4/5 ] Checking SSL certificates..." if [ -f "$SCRIPT_DIR/certs/cert.pem" ] && [ -f "$SCRIPT_DIR/certs/key.pem" ]; then echo " Certificates already exist — skipping." else echo "" echo " No certificates found in certs/" - echo " You need a cert for your domain (e.g. xeniapos.yourdomain.com)." echo "" - echo " Option A — Let's Encrypt (recommended for production):" + echo " DNS requirement:" + echo " Two subdomains must point to this machine's IP:" + echo " waiter.YOURDOMAIN → this machine's IP" + echo " manager.YOURDOMAIN → this machine's IP" + echo " The waiter domain should also be registered in the sysadmin" + echo " panel as the 'Waiter Domain' so phones get the QR code." 
+ echo "" + echo " Option A — Let's Encrypt (recommended):" echo " sudo apt install certbot" - echo " sudo certbot certonly --manual --preferred-challenges dns -d YOUR_DOMAIN" - echo " sudo cp /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem certs/cert.pem" - echo " sudo cp /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem certs/key.pem" + echo " sudo certbot certonly --manual --preferred-challenges dns \\" + echo " -d waiter.YOURDOMAIN -d manager.YOURDOMAIN" + echo " sudo cp /etc/letsencrypt/live/waiter.YOURDOMAIN/fullchain.pem certs/cert.pem" + echo " sudo cp /etc/letsencrypt/live/waiter.YOURDOMAIN/privkey.pem certs/key.pem" echo "" - echo " Option B — Self-signed (local testing only, requires CA install on each device):" + echo " Option B — Self-signed / mkcert (local testing only):" echo " sudo apt install mkcert libnss3-tools" echo " mkcert -install" - echo " mkcert -cert-file certs/cert.pem -key-file certs/key.pem YOUR_IP localhost" + echo " mkcert -cert-file certs/cert.pem -key-file certs/key.pem \\" + echo " waiter.YOURDOMAIN manager.YOURDOMAIN" echo "" - echo " Add certs then re-run this script, or run: docker compose up -d" + echo " Add certs then run: docker compose up -d" echo "" fi -# ── 4. Create placeholder logo if missing ──────────────────────────────────── -echo "[ 4/4 ] Checking logo..." -if [ ! -f "$SCRIPT_DIR/logo.png" ]; then - echo " WARNING: logo.png not found." - echo " Place your logo at: $SCRIPT_DIR/logo.png" - echo " Creating placeholder so the stack can start..." +# ── 5. Logo ─────────────────────────────────────────────────────────────────── +echo "[ 5/5 ] Checking logo..." +if [ ! -s "$SCRIPT_DIR/logo.png" ]; then + echo " WARNING: logo.png not found or is empty." + echo " Place your restaurant logo at: $SCRIPT_DIR/logo.png" touch "$SCRIPT_DIR/logo.png" fi 
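Review bot: The added `listen 443 ssl default_server;` block proxies `/api/` to `backend:8000` and `/` to `waiter_pwa:80` for every host name that is not `waiter.*` or `manager.*`, bare-IP requests included, and passes that client-chosen name upstream through `proxy_set_header Host $host`. If the backend builds links or QR-code URLs from the Host header (not visible here), it would be trusting an unvalidated value; unless access by IP is a requirement, the catch-all is safer with both `location` blocks replaced by `return 444;`, leaving the named servers to carry traffic. Separately, step 5 still checks and touches `$SCRIPT_DIR/logo.png` while this commit moves `LOGO_PATH` to `/opt/xenia/logo.png` in `.env.example` and step 1 creates that file, so the warning probably points the operator at a path the stack no longer mounts.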
@@ -104,7 +169,9 @@ if [ -f "$SCRIPT_DIR/certs/cert.pem" ] && [ -f "$SCRIPT_DIR/certs/key.pem" ]; th echo "Starting stack..." docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d echo "" - echo "Done! Services are running." + echo "Done! Services running." + echo " Waiter app: https://waiter.YOURDOMAIN" + echo " Manager app: https://manager.YOURDOMAIN" else echo "Add SSL certificates to certs/ then run:" echo " docker compose up -d"