kobotoolbox_secured_server_docker_install

#!/bin/bash -eu

# Script to install Kobotoolbox on Ubuntu 16.04 as per
# https://github.com/kobotoolbox/kobo-docker
# Assumes you have a a more or less clean Ubuntu install and a user with sudo
# Tested on a $20/month Digital Ocean droplet (2 GB RAM, 30 GB SSD)

echo please enter your domain name
read domain_name
echo
echo please enter the username of the first Kobo Toolbox superuser
read kobo_superuser_username
echo
echo please enter the password for the first Kobo Toolbox superuser
read kobo_superuser_password
echo
echo Please enter the email address where users can contact you for support
read kobo_support_email
echo

sudo apt -y update
sudo apt -y upgrade

echo installing letsencrypt    
if ! type "letsencrypt"; then
    sudo apt install -y letsencrypt
else echo letsencrypt seems to be already installed
fi

echo running letsencrypt to get certificate for $domain_name
sudo letsencrypt certonly --standalone -d $domain_name \
     -d www.$domain_name -d kf.$domain_name -d kc.$domain_name \
     -d en.$domain_name

# install docker and docker-compose (separate script for better reusability)
echo installing Docker-Compose by launching Docker install script
if ! type "docker-compose"; then
    ./docker_install
else echo looks like Docker-Compose is already installed
fi

echo downloading Kobo Toolbox repository from Github into /home/$USER
cd /home/$USER
if [ ! -d kobo-docker ]; then
    git clone https://github.com/kobotoolbox/kobo-docker.git
else echo Looks like Kobo Toolbox is already downloaded
fi

cd kobo-docker

echo creating a symbolic link to the server configuration for Docker-compose
if [ ! -f docker-compose.yml ]; then
    ln -s docker-compose.server.yml docker-compose.yml
else echo Looks like the symlink has already been created
fi

echo pulling latest images from Docker Hub
sudo docker-compose pull

echo Creating and storing a 50-character random string for Django secret key
django_secret_key=$(sudo docker-compose run --rm kpi python -c 'from django.utils.crypto import get_random_string; print(get_random_string(50, "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"))')
echo $django_secret_key
echo
echo Creating and storing a 20-character random string for Eketo API key
enketo_api_token=$(sudo docker-compose run --rm kpi python -c 'from django.utils.crypto import get_random_string; print(get_random_string(20, "abcdefghijklmnopqrstuvwxyz0123456789"))')
echo $enketo_api_token

echo Modifying envfile.server.txt to work with $domain_name
if [ ! -f envfile.server.txt.BAK ]; then
    # Create a backup
    cp envfile.server.txt envfile.server.txt.BAK
    # Substitute in the appropriate strings in the envfile using sed
    # syntax sed -i "0,/ORIGINAL/s/ORIGINAL/REPLACEMENT/"
    # replaces only the first instance of ORIGINAL with REPLACEMENT
    # a bit overkill (could have just overwritten the envfile including the
    # appropriate values, but this way is more general)
    sed -i "0,/PUBLIC_DOMAIN_NAME=/s/PUBLIC_DOMAIN_NAME=/PUBLIC_DOMAIN_NAME=$domain_name/" envfile.server.txt
    sed -i "0,/KOBOFORM_PUBLIC_SUBDOMAIN=/s/KOBOFORM_PUBLIC_SUBDOMAIN=/KOBOFORM_PUBLIC_SUBDOMAIN=kf/" envfile.server.txt
    sed -i "0,/KOBOCAT_PUBLIC_SUBDOMAIN=/s/KOBOCAT_PUBLIC_SUBDOMAIN=/KOBOCAT_PUBLIC_SUBDOMAIN=kc/" envfile.server.txt
    sed -i "0,/ENKETO_EXPRESS_PUBLIC_SUBDOMAIN=/s/ENKETO_EXPRESS_PUBLIC_SUBDOMAIN=/ENKETO_EXPRESS_PUBLIC_SUBDOMAIN=en/" envfile.server.txt
    sed -i "0,/ENKETO_API_TOKEN=/s/ENKETO_API_TOKEN=/ENKETO_API_TOKEN=$enketo_api_token/" envfile.server.txt
    sed -i "0,/DJANGO_SECRET_KEY=/s/DJANGO_SECRET_KEY=/DJANGO_SECRET_KEY=$django_secret_key/" envfile.server.txt
    sed -i "0,/KOBO_SUPERUSER_USERNAME=/s/KOBO_SUPERUSER_USERNAME=/KOBO_SUPERUSER_USERNAME=$kobo_superuser_username/" envfile.server.txt
    sed -i "0,/KOBO_SUPERUSER_PASSWORD=/s/KOBO_SUPERUSER_PASSWORD=/KOBO_SUPERUSER_PASSWORD=$kobo_superuser_password/" envfile.server.txt
    sed -i "0,/KOBO_SUPPORT_EMAIL=/s/KOBO_SUPPORT_EMAIL=/KOBO_SUPPORT_EMAIL=$kobo_support_email/" envfile.server.txt

else echo looks like envfile.server.txt has already been modified
fi

echo creating a secrets directory for the ssl keys
if [ ! -d secrets ]; then
    mkdir secrets
    echo copying fullchain.pem to secrets/ssl.crt
    sudo cp /etc/letsencrypt/live/$domain_name/fullchain.pem secrets/ssl.crt
    echo copying privkey.pem to secrets/ssl.key
    sudo cp /etc/letsencrypt/live/$domain_name/privkey.pem secrets/ssl.key
else echo looks like the secrets directory is already created
fi

echo building the image
sudo docker-compose build

echo starting up the server
sudo docker-compose up -d

echo
echo That should be it. Now wait for about five minutes, then
echo open $domain_name in a browser to see if you have a working server!
echo

# TODO add crontab jobs to clean up docker images like this:
# docker rmi $(docker images -f "dangling=true" -q)
# docker rm -v $(docker ps -a -q -f status=exited)
# as per http://blog.yohanliyanage.com/2015/05/docker-clean-up-after-yourself/
# or sudo docker system prune -a

# TODO database backup scheduling (probably add questions to the begining of
# the script asking how they want their backups etc done

# TODO add cron job to renew letsencrypt certs
# from kobo-docker folder do:
# sudo docker-compose stop # so that letsencrypt can use port 80
# sudo letsencrypt certonly --standalone -d $domain_name \
#     -d www.$domain_name -d kf.$domain_name -d kc.$domain_name \
#     -d en.$domain_name

# Then copy the certs into the secrets folder from the NEW letsencrypt folder

# sudo cp /etc/letsencrypt/live/$domain_name/fullchain.pem secrets/ssl.crt
# sudo cp /etc/letsencrypt/live/$domain_name/privkey.pem secrets/ssl.key

# git pull
# sudo docker-compose pull


# sudo docker-compose up -d