#!/bin/bash

# Production Deployment Script for lavocat.quebec
# This script prepares and deploys the application to production

set -o errexit  # same as `set -e`: stop at the first command that fails

printf '%s\n' "🚀 Starting production deployment for lavocat.quebec..."

# Deployment targets and identifiers
DOMAIN="lavocat.quebec"
PROJECT_NAME="liberte-meme-en-cellule"
DEPLOY_DIR="/var/www/lavocat.quebec"
BACKUP_DIR="/var/backups/lavocat.quebec"

# ANSI colour sequences, kept as literal backslash escapes; the print_*
# helpers expand them when a message is written.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # reset to the terminal default

# Write an informational line to stdout with a blue [INFO] tag.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
print_status() {
    local message=$1
    printf '%b\n' "${BLUE}[INFO]${NC} ${message}"
}

# Write a success line to stdout with a green [SUCCESS] tag.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
print_success() {
    local message=$1
    printf '%b\n' "${GREEN}[SUCCESS]${NC} ${message}"
}

# Write a warning line to stdout with a yellow [WARNING] tag.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
print_warning() {
    local message=$1
    printf '%b\n' "${YELLOW}[WARNING]${NC} ${message}"
}

# Write an error line with a red [ERROR] tag. Output goes to stdout, not
# stderr, so it lands in the same stream as the other status lines.
# Globals:   RED, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
print_error() {
    local message=$1
    printf '%b\n' "${RED}[ERROR]${NC} ${message}"
}

# Refuse to run under uid 0. The privileged steps further down each go
# through sudo, so the invoking account needs sudo rights instead.
if (( EUID == 0 )); then
   print_error "This script should not be run as root"
   exit 1
fi

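# Snapshot the current deployment before it is overwritten.
# This script expects .env.production and certificates/ inside the deploy
# tree, so every snapshot carries a copy of those secrets. The backup root is
# therefore restricted to root, and the copy keeps the original owners and
# modes instead of re-creating the files as root under the default umask.
print_status "Creating backup of current deployment..."
if [ -d "$DEPLOY_DIR" ]; then
    BACKUP_NAME="backup-$(date +%Y%m%d-%H%M%S)"
    sudo mkdir -p "$BACKUP_DIR"
    # mkdir -p leaves a new directory world-traversable by default; close it.
    sudo chmod 700 "$BACKUP_DIR"
    # -a preserves ownership, permissions, timestamps and symlinks, so a
    # restore gets back what was deployed and a 600 key stays 600.
    sudo cp -a "$DEPLOY_DIR" "$BACKUP_DIR/$BACKUP_NAME"
    print_success "Backup created: $BACKUP_DIR/$BACKUP_NAME"
else
    print_warning "No existing deployment found, skipping backup"
fi
# NOTE(review): snapshots are never pruned here; old copies of secrets
# accumulate under $BACKUP_DIR until removed by some other process.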

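# Create the deployment directory and hand it to the invoking user.
print_status "Creating deployment directory..."
sudo mkdir -p "$DEPLOY_DIR"
# Quoted so the owner spec is always passed to chown as a single word.
sudo chown "$USER:$USER" "$DEPLOY_DIR"

# Copy project files.
# `cp -r .` copies whatever the current working directory holds, hidden
# files included, and never removes files left over from an earlier deploy.
# NOTE(review): the script does not check that it was started from the
# project root, and nothing is excluded from the copy (VCS metadata, local
# env files, node_modules); confirm this is intended, since the result becomes
# the service's working directory.
print_status "Copying project files..."
cp -r . "$DEPLOY_DIR/"
cd "$DEPLOY_DIR"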

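# Verify the production environment file first, so a missing file stops the
# deploy before dependencies are installed or the database schema is touched.
# The path is relative to $DEPLOY_DIR (the script has already cd'ed there).
print_status "Setting up production environment..."
if [ ! -f ".env.production" ]; then
    print_error "Production environment file not found!"
    print_status "Please create .env.production with your production settings"
    exit 1
fi

# Install dependencies from the lockfile, without devDependencies.
# NOTE(review): newer npm releases spell this --omit=dev and warn on --only.
print_status "Installing production dependencies..."
npm ci --only=production

# Generate Prisma client.
# NOTE(review): npx runs the prisma CLI from node_modules when it is there
# and otherwise fetches it from the registry at deploy time. After a
# production-only install that depends on prisma being a regular dependency;
# confirm it is, so the version executed here is the one pinned in the lockfile.
print_status "Generating Prisma client..."
npx prisma generate

# Run database migrations.
# NOTE(review): nothing in this script loads .env.production into the
# environment of this command; which database is migrated depends on
# configuration not visible here. Confirm the target before relying on it.
print_status "Running database migrations..."
npx prisma migrate deploy

# Build the application
print_status "Building the application..."
npm run build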

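# Set up SSL certificates.
# The source paths are relative to the current directory, which is
# $DEPLOY_DIR after the earlier cd, so source and destination are normally
# the very same files. cp refuses to copy a file onto itself and exits
# non-zero, which under `set -e` would abort the deploy; copy only when the
# two paths really differ.
print_status "Setting up SSL certificates..."
cert_dir="$DEPLOY_DIR/certificates"
sudo mkdir -p "$cert_dir"
if [ -f "certificates/lavocat.quebec.key" ] && [ -f "certificates/lavocat.quebec.crt" ]; then
    for cert_file in lavocat.quebec.key lavocat.quebec.crt; do
        if [[ ! "certificates/$cert_file" -ef "$cert_dir/$cert_file" ]]; then
            sudo cp "certificates/$cert_file" "$cert_dir/"
        fi
    done
    # Private key: owner-only. Certificate: public material, world-readable.
    sudo chmod 600 "$cert_dir/lavocat.quebec.key"
    sudo chmod 644 "$cert_dir/lavocat.quebec.crt"
    print_success "SSL certificates copied"
else
    print_warning "SSL certificates not found, you'll need to set them up manually"
fi
# NOTE(review): the private key lives inside the application tree, which the
# service account owns. Whether the Node process itself needs to read it is
# not visible here; if only nginx terminates TLS, keeping the key root-owned
# outside $DEPLOY_DIR would limit what an application compromise can reach.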

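# Create systemd service file.
# The heredoc delimiter is unquoted on purpose: $USER and $DEPLOY_DIR are
# expanded now, so the unit is pinned to the account that ran the deploy.
# That account uses sudo throughout this script and owns the code tree, so
# the service runs with the same identity that can change its own code and
# invoke sudo. NoNewPrivileges=true stops the service and its children from
# gaining privileges through setuid programs such as sudo.
# NOTE(review): a dedicated unprivileged service account, plus sandboxing such
# as ProtectSystem=, ProtectHome= and PrivateTmp=, would narrow this further;
# those need testing against the application before being enabled.
# The unit defines no ExecReload=, so `systemctl reload lavocat-quebec` is not
# available for it.
print_status "Creating systemd service..."
sudo tee /etc/systemd/system/lavocat-quebec.service > /dev/null <<EOF
[Unit]
Description=Lavocat Quebec Next.js Application
After=network.target

[Service]
Type=simple
User=$USER
WorkingDirectory=$DEPLOY_DIR
Environment=NODE_ENV=production
Environment=PORT=3000
Environment=HTTPS_PORT=3443
ExecStart=/usr/bin/node --max-old-space-size=4096 --expose-gc server-production.js
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
EOF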

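# Create nginx configuration.
# The heredoc is unquoted: $DEPLOY_DIR is expanded by the shell, while nginx
# variables are written as \$name so they reach the file literally.
#
# Review notes on the generated config:
# - nginx inherits add_header from the enclosing level only when a block has
#   no add_header of its own. The two file-serving locations set
#   Cache-Control, so without repeating them they would answer with none of
#   the server-level security headers. That matters most for /uploads, where
#   X-Content-Type-Options keeps browsers from sniffing uploaded content into
#   an active type. The headers are therefore repeated in both locations.
# - /uploads is served straight from disk with a type chosen by file
#   extension. NOTE(review): which file types the application accepts is not
#   visible here; confirm that active content (HTML, SVG) cannot be uploaded,
#   or serve this path with a restrictive policy or as attachments.
# - NOTE(review): the two *-SHA512 entries in ssl_ciphers do not match any
#   AES-GCM suite name known to me (those end in SHA256 or SHA384), and the
#   DHE entries need ssl_dhparam on current nginx to be usable. The effective
#   TLS 1.2 list is probably narrower than it looks; check the names with
#   `openssl ciphers`.
# - X-XSS-Protection is a legacy header that current browsers ignore; no
#   Content-Security-Policy is set here. NOTE(review): confirm one is sent by
#   the application.
# - The certificate paths are referenced whether or not the certificate step
#   found the files; when they are missing, the later `nginx -t` fails.
print_status "Creating nginx configuration..."
sudo tee /etc/nginx/sites-available/lavocat.quebec > /dev/null <<EOF
server {
    listen 80;
    server_name lavocat.quebec www.lavocat.quebec;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name lavocat.quebec www.lavocat.quebec;

    ssl_certificate $DEPLOY_DIR/certificates/lavocat.quebec.crt;
    ssl_certificate_key $DEPLOY_DIR/certificates/lavocat.quebec.key;

    # SSL configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Proxy to Next.js application
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_cache_bypass \$http_upgrade;
        proxy_read_timeout 86400;
    }

    # WebSocket support
    location /_ws {
        proxy_pass http://127.0.0.1:3443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_read_timeout 86400;
    }

    # Static files
    location /_next/static {
        alias $DEPLOY_DIR/.next/static;
        expires 1y;
        add_header Cache-Control "public, immutable";
        # Security headers repeated: a location with its own add_header
        # does not inherit the server-level ones.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    }

    # Uploads
    location /uploads {
        alias $DEPLOY_DIR/public/uploads;
        expires 1y;
        add_header Cache-Control "public";
        # Security headers repeated: a location with its own add_header
        # does not inherit the server-level ones.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    }

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;
}
EOF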

# Link the site into sites-enabled, validate the full configuration, then
# reload. A failing `nginx -t` stops the script before the reload, so the
# running nginx keeps its previous configuration; the new file and symlink
# are left on disk in that case.
print_status "Enabling nginx site..."
site_name="lavocat.quebec"
sudo ln -sf "/etc/nginx/sites-available/${site_name}" /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

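# Enable the service and (re)start it.
# `restart` is used instead of `start`: on a redeploy the unit is already
# active, `start` would be a no-op, and the old process would keep serving
# the previous build and environment. `restart` also starts a stopped unit.
print_status "Starting the application service..."
sudo systemctl daemon-reload
sudo systemctl enable lavocat-quebec
sudo systemctl restart lavocat-quebec

# Give the process a moment to come up (or crash) before checking it
sleep 5

# Check service status
if sudo systemctl is-active --quiet lavocat-quebec; then
    print_success "Service is running successfully!"
else
    print_error "Service failed to start!"
    # status returns non-zero for a failed unit; keep going so the explicit
    # exit code below is the one reported. --no-pager avoids blocking on a TTY.
    sudo systemctl status lavocat-quebec --no-pager || true
    exit 1
fi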

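# Create log directory, owned by the account the service runs as.
print_status "Setting up logging..."
sudo mkdir -p /var/log/lavocat-quebec
# Quoted so the owner spec is always passed to chown as a single word.
sudo chown "$USER:$USER" /var/log/lavocat-quebec

# Create logrotate configuration.
# Rotated files are re-created 640 rather than 644: application logs can hold
# request data, so they are kept away from other local accounts. Widen this
# only if a separate log reader account needs access.
# NOTE(review): the postrotate hook calls `systemctl reload`, but the unit
# written earlier in this script has no ExecReload=, so that call is expected
# to fail and the service would keep writing to the rotated file. Decide
# between adding an ExecReload that makes the app reopen its logs, or using
# copytruncate here; which one fits depends on how the app opens its log files.
sudo tee /etc/logrotate.d/lavocat-quebec > /dev/null <<EOF
/var/log/lavocat-quebec/*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 640 $USER $USER
    postrotate
        systemctl reload lavocat-quebec
    endscript
}
EOF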

# Final summary: where the site is served and how to inspect the service.
print_success "Deployment completed successfully!"
for summary_line in \
    "Your application is now running at: https://lavocat.quebec" \
    "Service status: sudo systemctl status lavocat-quebec" \
    "View logs: sudo journalctl -u lavocat-quebec -f"; do
    print_status "$summary_line"
done
