fix: deployment readiness — correct registry/cloud URLs, fix install.sh

- .env.example: set REGISTRY=registry.bonamin.gr, CLOUD_URL=https://xenia-admin.bonamin.gr, DATA_PATH=/opt/xenia/data - install.sh: auto-create .env from example, prompt for SITE_ID/SITE_KEY/SECRET_KEY, clarify DNS subdomain requirements, add backend API proxy block to nginx config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 14:36:43 +03:00
parent 8ba8c95ecd
commit 0d21b7f20b
2 changed files with 97 additions and 30 deletions
--- a/install.sh
+++ b/install.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Xenia POS — first-time install script
-# Run this on the server machine before starting the stack.
+# Run this on the client machine before starting the stack.
 # Usage: bash install.sh

 set -e
@@ -11,13 +11,48 @@ echo "=== Xenia POS Install ==="
 echo ""

 # ── 1. Create required directories ───────────────────────────────────────────
-echo "[ 1/4 ] Creating directories..."
+echo "[ 1/5 ] Creating directories..."
 mkdir -p "$SCRIPT_DIR/data"
 mkdir -p "$SCRIPT_DIR/certs"
 mkdir -p "$SCRIPT_DIR/nginx-proxy"
+mkdir -p /opt/xenia/data
+touch /opt/xenia/logo.png 2>/dev/null || true

-# ── 2. Write nginx-proxy/nginx.conf ──────────────────────────────────────────
-echo "[ 2/4 ] Writing nginx proxy config..."
+# ── 2. Create .env from .env.example if missing ───────────────────────────────
+echo "[ 2/5 ] Configuring environment..."
+
+if [ ! -f "$SCRIPT_DIR/.env" ]; then
+    cp "$SCRIPT_DIR/.env.example" "$SCRIPT_DIR/.env"
+    echo ""
+    echo "        A .env file has been created from .env.example."
+    echo "        You must fill in SITE_ID, SITE_KEY, and SECRET_KEY before starting."
+    echo ""
+    echo "        Get SITE_ID and SITE_KEY from: https://xenia-admin.bonamin.gr"
+    echo "        Generate SECRET_KEY with:  openssl rand -hex 32"
+    echo ""
+
+    read -rp "        Enter SITE_ID: " INPUT_SITE_ID
+    read -rp "        Enter SITE_KEY: " INPUT_SITE_KEY
+    read -rp "        Enter SECRET_KEY (leave blank to auto-generate): " INPUT_SECRET_KEY
+
+    if [ -z "$INPUT_SECRET_KEY" ]; then
+        INPUT_SECRET_KEY=$(openssl rand -hex 32)
+        echo "        Generated SECRET_KEY: $INPUT_SECRET_KEY"
+    fi
+
+    sed -i "s/^SITE_ID=.*/SITE_ID=${INPUT_SITE_ID}/" "$SCRIPT_DIR/.env"
+    sed -i "s/^SITE_KEY=.*/SITE_KEY=${INPUT_SITE_KEY}/" "$SCRIPT_DIR/.env"
+    sed -i "s/^SECRET_KEY=.*/SECRET_KEY=${INPUT_SECRET_KEY}/" "$SCRIPT_DIR/.env"
+
+    echo ""
+    echo "        .env written. Review it at: $SCRIPT_DIR/.env"
+    echo ""
+else
+    echo "        .env already exists — skipping."
+fi
+
+# ── 3. Write nginx-proxy/nginx.conf ──────────────────────────────────────────
+echo "[ 3/5 ] Writing nginx proxy config..."
 cat > "$SCRIPT_DIR/nginx-proxy/nginx.conf" << 'EOF'
 server {
    listen 80;
@@ -26,7 +61,7 @@ server {

 server {
    listen 443 ssl;
-    server_name _;
+    server_name waiter.*;

    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
@@ -43,8 +78,8 @@ server {
 }

 server {
-    listen 4443 ssl;
-    server_name _;
+    listen 443 ssl;
+    server_name manager.*;

    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
@@ -59,39 +94,69 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
+
+server {
+    listen 443 ssl default_server;
+
+    ssl_certificate     /etc/nginx/certs/cert.pem;
+    ssl_certificate_key /etc/nginx/certs/key.pem;
+
+    location /api/ {
+        proxy_pass http://backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location / {
+        proxy_pass http://waiter_pwa:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
 EOF

-# ── 3. SSL certificates ───────────────────────────────────────────────────────
-echo "[ 3/4 ] Setting up SSL certificates..."
+# ── 4. SSL certificates ───────────────────────────────────────────────────────
+echo "[ 4/5 ] Checking SSL certificates..."

 if [ -f "$SCRIPT_DIR/certs/cert.pem" ] && [ -f "$SCRIPT_DIR/certs/key.pem" ]; then
    echo "        Certificates already exist — skipping."
 else
    echo ""
    echo "        No certificates found in certs/"
-    echo "        You need a cert for your domain (e.g. xeniapos.yourdomain.com)."
    echo ""
-    echo "        Option A — Let's Encrypt (recommended for production):"
+    echo "        DNS requirement:"
+    echo "          Two subdomains must point to this machine's IP:"
+    echo "            waiter.YOURDOMAIN  →  this machine's IP"
+    echo "            manager.YOURDOMAIN →  this machine's IP"
+    echo "          The waiter domain should also be registered in the sysadmin"
+    echo "          panel as the 'Waiter Domain' so phones get the QR code."
+    echo ""
+    echo "        Option A — Let's Encrypt (recommended):"
    echo "          sudo apt install certbot"
-    echo "          sudo certbot certonly --manual --preferred-challenges dns -d YOUR_DOMAIN"
-    echo "          sudo cp /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem certs/cert.pem"
-    echo "          sudo cp /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem  certs/key.pem"
+    echo "          sudo certbot certonly --manual --preferred-challenges dns \\"
+    echo "            -d waiter.YOURDOMAIN -d manager.YOURDOMAIN"
+    echo "          sudo cp /etc/letsencrypt/live/waiter.YOURDOMAIN/fullchain.pem certs/cert.pem"
+    echo "          sudo cp /etc/letsencrypt/live/waiter.YOURDOMAIN/privkey.pem  certs/key.pem"
    echo ""
-    echo "        Option B — Self-signed (local testing only, requires CA install on each device):"
+    echo "        Option B — Self-signed / mkcert (local testing only):"
    echo "          sudo apt install mkcert libnss3-tools"
    echo "          mkcert -install"
-    echo "          mkcert -cert-file certs/cert.pem -key-file certs/key.pem YOUR_IP localhost"
+    echo "          mkcert -cert-file certs/cert.pem -key-file certs/key.pem \\"
+    echo "            waiter.YOURDOMAIN manager.YOURDOMAIN"
    echo ""
-    echo "        Add certs then re-run this script, or run: docker compose up -d"
+    echo "        Add certs then run: docker compose up -d"
    echo ""
 fi

-# ── 4. Create placeholder logo if missing ────────────────────────────────────
-echo "[ 4/4 ] Checking logo..."
-if [ ! -f "$SCRIPT_DIR/logo.png" ]; then
-    echo "        WARNING: logo.png not found."
-    echo "        Place your logo at: $SCRIPT_DIR/logo.png"
-    echo "        Creating placeholder so the stack can start..."
+# ── 5. Logo ───────────────────────────────────────────────────────────────────
+echo "[ 5/5 ] Checking logo..."
+if [ ! -s "$SCRIPT_DIR/logo.png" ]; then
+    echo "        WARNING: logo.png not found or is empty."
+    echo "        Place your restaurant logo at: $SCRIPT_DIR/logo.png"
    touch "$SCRIPT_DIR/logo.png"
 fi

@@ -104,7 +169,9 @@ if [ -f "$SCRIPT_DIR/certs/cert.pem" ] && [ -f "$SCRIPT_DIR/certs/key.pem" ]; th
    echo "Starting stack..."
    docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d
    echo ""
-    echo "Done! Services are running."
+    echo "Done! Services running."
+    echo "  Waiter app:   https://waiter.YOURDOMAIN"
+    echo "  Manager app:  https://manager.YOURDOMAIN"
 else
    echo "Add SSL certificates to certs/ then run:"
    echo "  docker compose up -d"