d-bis/miracles_in_motion
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f1c61c833927e01bb9ed45aa75fc42db8adc86f9
miracles_in_motion/scripts/setup-cloudflare-auto.sh

299 lines
10 KiB
Bash
Raw Blame History

#!/bin/bash
# Automated Cloudflare Setup Script
# Reads credentials from .env.production and configures Cloudflare automatically
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Configuration
DOMAIN="mim4u.org"
STATIC_WEB_APP_NAME="mim-prod-igiay4-web"
AZURE_RESOURCE_GROUP="rg-miraclesinmotion-prod"
echo -e "${GREEN}🌐 Automated Cloudflare Setup${NC}"
echo "=================================="
echo ""
# Load environment variables from .env files
ENV_FILES=(".env.production" ".env" "../.env.production" "../.env")
CREDENTIALS_LOADED=false
for env_file in "${ENV_FILES[@]}"; do
if [ -f "$env_file" ]; then
echo -e "${GREEN}📋 Loading credentials from $env_file...${NC}"
# Try different formats
while IFS= read -r line; do
if [[ "$line" =~ ^CLOUDFLARE_API_TOKEN= ]] || [[ "$line" =~ ^CLOUDFLARE_ZONE_ID= ]]; then
export "$line"
CREDENTIALS_LOADED=true
fi
done < "$env_file"
# Also try with export command
set -a
source "$env_file" 2>/dev/null || true
set +a
fi
done
# Check if credentials are already set in environment
if [ -n "$CLOUDFLARE_API_TOKEN" ] && [ -n "$CLOUDFLARE_ZONE_ID" ]; then
CREDENTIALS_LOADED=true
fi
# Check if credentials are set
if [ -z "$CLOUDFLARE_API_TOKEN" ] || [ -z "$CLOUDFLARE_ZONE_ID" ]; then
echo -e "${YELLOW}⚠️ Cloudflare credentials not found in env files${NC}"
echo "Checking environment variables..."
# Final check - maybe they're already exported
if [ -z "$CLOUDFLARE_API_TOKEN" ] || [ -z "$CLOUDFLARE_ZONE_ID" ]; then
echo -e "${RED}❌ Cloudflare credentials not found${NC}"
echo "Please set: CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID"
echo "Or add them to .env.production file"
exit 1
fi
fi
echo -e "${GREEN}✅ Credentials loaded${NC}"
echo "Zone ID: ${CLOUDFLARE_ZONE_ID:0:15}..."
echo ""
# Get Azure Static Web App default hostname
echo -e "${GREEN}📋 Getting Azure Static Web App information...${NC}"
AZURE_STATIC_WEB_APP_URL=$(az staticwebapp show \
--name "$STATIC_WEB_APP_NAME" \
--resource-group "$AZURE_RESOURCE_GROUP" \
--query "defaultHostname" -o tsv 2>/dev/null || echo "")
if [ -z "$AZURE_STATIC_WEB_APP_URL" ]; then
echo -e "${RED}❌ Could not find Static Web App${NC}"
exit 1
fi
echo -e "${GREEN}✅ Found Static Web App: ${AZURE_STATIC_WEB_APP_URL}${NC}"
echo ""
# Verify Cloudflare API access
echo -e "${GREEN}🔐 Verifying Cloudflare API access...${NC}"
ZONE_RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json")
ZONE_SUCCESS=$(echo "$ZONE_RESPONSE" | grep -o '"success":true' || echo "")
if [ -z "$ZONE_SUCCESS" ]; then
echo -e "${RED}❌ Failed to authenticate with Cloudflare API${NC}"
echo "Response: $ZONE_RESPONSE"
exit 1
fi
ZONE_NAME=$(echo "$ZONE_RESPONSE" | grep -o '"name":"[^"]*"' | cut -d'"' -f4)
echo -e "${GREEN}✅ Authenticated with Cloudflare${NC}"
echo "Zone: $ZONE_NAME"
echo ""
# Function to create or update DNS record
create_dns_record() {
local record_type=$1
local record_name=$2
local record_content=$3
local proxy=$4
echo -n "Configuring DNS: $record_name.$DOMAIN -> $record_content... "
# Check if record exists
EXISTING_RECORD=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?type=$record_type&name=$record_name.$DOMAIN" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json")
RECORD_ID=$(echo "$EXISTING_RECORD" | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)
if [ -n "$RECORD_ID" ] && [ "$RECORD_ID" != "null" ]; then
# Update existing record
DATA=$(cat <<EOF
{
"type": "$record_type",
"name": "$record_name",
"content": "$record_content",
"proxied": $proxy,
"ttl": 1
}
EOF
)
RESPONSE=$(curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/$RECORD_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data "$DATA")
else
# Create new record
DATA=$(cat <<EOF
{
"type": "$record_type",
"name": "$record_name",
"content": "$record_content",
"proxied": $proxy,
"ttl": 1
}
EOF
)
RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data "$DATA")
fi
SUCCESS=$(echo "$RESPONSE" | grep -o '"success":true' || echo "")
if [ -n "$SUCCESS" ]; then
echo -e "${GREEN}${NC}"
return 0
else
ERRORS=$(echo "$RESPONSE" | grep -o '"message":"[^"]*"' | cut -d'"' -f4 | head -1)
echo -e "${YELLOW}⚠️ $ERRORS${NC}"
return 1
fi
}
# Create DNS records
echo -e "${GREEN}📝 Configuring DNS Records...${NC}"
create_dns_record "CNAME" "www" "$AZURE_STATIC_WEB_APP_URL" "true"
create_dns_record "CNAME" "@" "$AZURE_STATIC_WEB_APP_URL" "true"
echo ""
# Configure SSL/TLS settings
echo -e "${GREEN}🔒 Configuring SSL/TLS...${NC}"
# Set SSL mode to Full
SSL_RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/ssl" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"value":"full"}')
if echo "$SSL_RESPONSE" | grep -q '"success":true'; then
echo -e "${GREEN}✅ SSL mode set to Full${NC}"
else
echo -e "${YELLOW}⚠️ Could not update SSL settings${NC}"
fi
# Enable Always Use HTTPS
HTTPS_RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/always_use_https" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"value":"on"}')
if echo "$HTTPS_RESPONSE" | grep -q '"success":true'; then
echo -e "${GREEN}✅ Always Use HTTPS enabled${NC}"
else
echo -e "${YELLOW}⚠️ Could not enable Always Use HTTPS${NC}"
fi
echo ""
# Configure Security Settings
echo -e "${GREEN}🛡️ Configuring Security Settings...${NC}"
# Set security level to Medium
SECURITY_RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/security_level" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"value":"medium"}')
if echo "$SECURITY_RESPONSE" | grep -q '"success":true'; then
echo -e "${GREEN}✅ Security level set to Medium${NC}"
else
echo -e "${YELLOW}⚠️ Could not update security level${NC}"
fi
# Enable Browser Integrity Check
BROWSER_RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/browser_check" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"value":"on"}')
if echo "$BROWSER_RESPONSE" | grep -q '"success":true'; then
echo -e "${GREEN}✅ Browser Integrity Check enabled${NC}"
else
echo -e "${YELLOW}⚠️ Could not enable browser check${NC}"
fi
echo ""
# Configure Speed Settings
echo -e "${GREEN}⚡ Configuring Speed Settings...${NC}"
# Enable Minification
MINIFY_RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/minify" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"value":{"css":"on","html":"on","js":"on"}}')
if echo "$MINIFY_RESPONSE" | grep -q '"success":true'; then
echo -e "${GREEN}✅ Minification enabled${NC}"
else
echo -e "${YELLOW}⚠️ Could not enable minification${NC}"
fi
# Enable Brotli compression
BROTLI_RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/brotli" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"value":"on"}')
if echo "$BROTLI_RESPONSE" | grep -q '"success":true'; then
echo -e "${GREEN}✅ Brotli compression enabled${NC}"
else
echo -e "${YELLOW}⚠️ Could not enable Brotli${NC}"
fi
echo ""
# Add custom domain to Azure Static Web App
echo -e "${GREEN}🔗 Adding Custom Domain to Azure Static Web App...${NC}"
# For apex domain (may require TXT validation)
az staticwebapp hostname set \
--name "$STATIC_WEB_APP_NAME" \
--resource-group "$AZURE_RESOURCE_GROUP" \
--hostname "$DOMAIN" 2>/dev/null && \
echo -e "${GREEN}✅ Custom domain $DOMAIN added${NC}" || \
echo -e "${YELLOW}⚠️ Domain may already be added or DNS not ready${NC}"
# For www subdomain
az staticwebapp hostname set \
--name "$STATIC_WEB_APP_NAME" \
--resource-group "$AZURE_RESOURCE_GROUP" \
--hostname "www.$DOMAIN" 2>/dev/null && \
echo -e "${GREEN}✅ Custom domain www.$DOMAIN added${NC}" || \
echo -e "${YELLOW}⚠️ Domain may already be added or DNS not ready${NC}"
echo ""
# Summary
echo -e "${GREEN}✅ Cloudflare Setup Complete!${NC}"
echo "=================================="
echo ""
echo "Configuration Summary:"
echo " Domain: $DOMAIN"
echo " Static Web App: $AZURE_STATIC_WEB_APP_URL"
echo ""
echo "DNS Records:"
echo " ✅ www.$DOMAIN -> $AZURE_STATIC_WEB_APP_URL (Proxied)"
echo "$DOMAIN -> $AZURE_STATIC_WEB_APP_URL (Proxied)"
echo ""
echo "Cloudflare Settings:"
echo " ✅ SSL Mode: Full"
echo " ✅ Always Use HTTPS: Enabled"
echo " ✅ Security Level: Medium"
echo " ✅ Browser Integrity Check: Enabled"
echo " ✅ Minification: Enabled (JS, CSS, HTML)"
echo " ✅ Brotli Compression: Enabled"
echo ""
echo "Next Steps:"
echo " 1. Wait for DNS propagation (usually 5-30 minutes)"
echo " 2. Verify SSL certificates are provisioned (1-24 hours)"
echo " 3. Test the website at https://$DOMAIN"
echo " 4. Monitor Cloudflare analytics"
echo ""
Reference in New Issue View Git Blame Copy Permalink