Update install/uninstall scripts with new config options and credential capture
This commit is contained in:
@@ -192,31 +192,86 @@ cat > "$INSTALL_DIR/myfsio.env" << EOF
|
||||
# Generated by install.sh on $(date)
|
||||
# Documentation: https://go.jzwsite.com/myfsio
|
||||
|
||||
# Storage paths
|
||||
# =============================================================================
|
||||
# STORAGE PATHS
|
||||
# =============================================================================
|
||||
STORAGE_ROOT=$DATA_DIR
|
||||
LOG_DIR=$LOG_DIR
|
||||
|
||||
# Network
|
||||
# =============================================================================
|
||||
# NETWORK
|
||||
# =============================================================================
|
||||
APP_HOST=0.0.0.0
|
||||
APP_PORT=$API_PORT
|
||||
|
||||
# Security - CHANGE IN PRODUCTION
|
||||
SECRET_KEY=$SECRET_KEY
|
||||
CORS_ORIGINS=*
|
||||
|
||||
# Public URL (set this if behind a reverse proxy)
|
||||
# Public URL (set this if behind a reverse proxy for presigned URLs)
|
||||
$(if [[ -n "$API_URL" ]]; then echo "API_BASE_URL=$API_URL"; else echo "# API_BASE_URL=https://s3.example.com"; fi)
|
||||
|
||||
# Logging
|
||||
# =============================================================================
|
||||
# SECURITY
|
||||
# =============================================================================
|
||||
# Secret key for session signing (auto-generated if not set)
|
||||
SECRET_KEY=$SECRET_KEY
|
||||
|
||||
# CORS settings - restrict in production
|
||||
CORS_ORIGINS=*
|
||||
|
||||
# Brute-force protection
|
||||
AUTH_MAX_ATTEMPTS=5
|
||||
AUTH_LOCKOUT_MINUTES=15
|
||||
|
||||
# Reverse proxy settings (set to number of trusted proxies in front)
|
||||
# NUM_TRUSTED_PROXIES=1
|
||||
|
||||
# Allow internal admin endpoints (only enable on trusted networks)
|
||||
# ALLOW_INTERNAL_ENDPOINTS=false
|
||||
|
||||
# Allowed hosts for redirects (comma-separated, empty = restrict all)
|
||||
# ALLOWED_REDIRECT_HOSTS=
|
||||
|
||||
# =============================================================================
|
||||
# LOGGING
|
||||
# =============================================================================
|
||||
LOG_LEVEL=INFO
|
||||
LOG_TO_FILE=true
|
||||
|
||||
# Rate limiting
|
||||
# =============================================================================
|
||||
# RATE LIMITING
|
||||
# =============================================================================
|
||||
RATE_LIMIT_DEFAULT=200 per minute
|
||||
# RATE_LIMIT_LIST_BUCKETS=60 per minute
|
||||
# RATE_LIMIT_BUCKET_OPS=120 per minute
|
||||
# RATE_LIMIT_OBJECT_OPS=240 per minute
|
||||
# RATE_LIMIT_ADMIN=60 per minute
|
||||
|
||||
# Optional: Encryption (uncomment to enable)
|
||||
# =============================================================================
|
||||
# SERVER TUNING (0 = auto-detect based on system resources)
|
||||
# =============================================================================
|
||||
# SERVER_THREADS=0
|
||||
# SERVER_CONNECTION_LIMIT=0
|
||||
# SERVER_BACKLOG=0
|
||||
# SERVER_CHANNEL_TIMEOUT=120
|
||||
|
||||
# =============================================================================
|
||||
# ENCRYPTION (uncomment to enable)
|
||||
# =============================================================================
|
||||
# ENCRYPTION_ENABLED=true
|
||||
# KMS_ENABLED=true
|
||||
|
||||
# =============================================================================
|
||||
# SITE SYNC / REPLICATION (for multi-site deployments)
|
||||
# =============================================================================
|
||||
# SITE_ID=site-1
|
||||
# SITE_ENDPOINT=https://s3-site1.example.com
|
||||
# SITE_REGION=us-east-1
|
||||
# SITE_SYNC_ENABLED=false
|
||||
|
||||
# =============================================================================
|
||||
# OPTIONAL FEATURES
|
||||
# =============================================================================
|
||||
# LIFECYCLE_ENABLED=false
|
||||
# METRICS_HISTORY_ENABLED=false
|
||||
# OPERATION_METRICS_ENABLED=false
|
||||
EOF
|
||||
chmod 600 "$INSTALL_DIR/myfsio.env"
|
||||
echo " [OK] Created $INSTALL_DIR/myfsio.env"
|
||||
@@ -308,7 +363,7 @@ if [[ "$SKIP_SYSTEMD" != true ]]; then
|
||||
systemctl start myfsio
|
||||
echo " [OK] Service started"
|
||||
echo ""
|
||||
|
||||
|
||||
read -p "Would you like to enable MyFSIO to start on boot? [Y/n] " -n 1 -r
|
||||
echo
|
||||
if [[ ! $REPLY =~ ^[Nn]$ ]]; then
|
||||
@@ -316,12 +371,37 @@ if [[ "$SKIP_SYSTEMD" != true ]]; then
|
||||
echo " [OK] Service enabled on boot"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
sleep 2
|
||||
|
||||
echo " Waiting for service initialization..."
|
||||
sleep 3
|
||||
|
||||
echo " Service Status:"
|
||||
echo " ---------------"
|
||||
if systemctl is-active --quiet myfsio; then
|
||||
echo " [OK] MyFSIO is running"
|
||||
|
||||
IAM_FILE="$DATA_DIR/.myfsio.sys/config/iam.json"
|
||||
if [[ -f "$IAM_FILE" ]]; then
|
||||
echo ""
|
||||
echo " ============================================"
|
||||
echo " ADMIN CREDENTIALS (save these securely!)"
|
||||
echo " ============================================"
|
||||
if command -v jq &>/dev/null; then
|
||||
ACCESS_KEY=$(jq -r '.users[0].access_key' "$IAM_FILE" 2>/dev/null)
|
||||
SECRET_KEY=$(jq -r '.users[0].secret_key' "$IAM_FILE" 2>/dev/null)
|
||||
else
|
||||
ACCESS_KEY=$(grep -o '"access_key"[[:space:]]*:[[:space:]]*"[^"]*"' "$IAM_FILE" | head -1 | sed 's/.*"\([^"]*\)"$/\1/')
|
||||
SECRET_KEY=$(grep -o '"secret_key"[[:space:]]*:[[:space:]]*"[^"]*"' "$IAM_FILE" | head -1 | sed 's/.*"\([^"]*\)"$/\1/')
|
||||
fi
|
||||
if [[ -n "$ACCESS_KEY" && -n "$SECRET_KEY" ]]; then
|
||||
echo " Access Key: $ACCESS_KEY"
|
||||
echo " Secret Key: $SECRET_KEY"
|
||||
else
|
||||
echo " [!] Could not parse credentials from $IAM_FILE"
|
||||
echo " Check the file manually or view service logs."
|
||||
fi
|
||||
echo " ============================================"
|
||||
fi
|
||||
else
|
||||
echo " [WARNING] MyFSIO may not have started correctly"
|
||||
echo " Check logs with: journalctl -u myfsio -f"
|
||||
@@ -346,19 +426,26 @@ echo "Access Points:"
|
||||
echo " API: http://$(hostname -I 2>/dev/null | awk '{print $1}' || echo "localhost"):$API_PORT"
|
||||
echo " UI: http://$(hostname -I 2>/dev/null | awk '{print $1}' || echo "localhost"):$UI_PORT/ui"
|
||||
echo ""
|
||||
echo "Default Credentials:"
|
||||
echo " Username: localadmin"
|
||||
echo " Password: localadmin"
|
||||
echo " [!] WARNING: Change these immediately after first login!"
|
||||
echo "Credentials:"
|
||||
echo " Admin credentials were shown above (if service was started)."
|
||||
echo " You can also find them in: $DATA_DIR/.myfsio.sys/config/iam.json"
|
||||
echo ""
|
||||
echo "Configuration Files:"
|
||||
echo " Environment: $INSTALL_DIR/myfsio.env"
|
||||
echo " IAM Users: $DATA_DIR/.myfsio.sys/config/iam.json"
|
||||
echo " Bucket Policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
||||
echo " Secret Key: $DATA_DIR/.myfsio.sys/config/.secret (auto-generated)"
|
||||
echo ""
|
||||
echo "Security Notes:"
|
||||
echo " - Rate limiting is enabled by default (200 req/min)"
|
||||
echo " - Brute-force protection: 5 attempts, 15 min lockout"
|
||||
echo " - Set CORS_ORIGINS to specific domains in production"
|
||||
echo " - Set NUM_TRUSTED_PROXIES if behind a reverse proxy"
|
||||
echo ""
|
||||
echo "Useful Commands:"
|
||||
echo " Check status: sudo systemctl status myfsio"
|
||||
echo " View logs: sudo journalctl -u myfsio -f"
|
||||
echo " Validate config: $INSTALL_DIR/myfsio --check-config"
|
||||
echo " Restart: sudo systemctl restart myfsio"
|
||||
echo " Stop: sudo systemctl stop myfsio"
|
||||
echo ""
|
||||
|
||||
@@ -88,7 +88,8 @@ echo "The following items will be removed:"
|
||||
echo ""
|
||||
echo " Install directory: $INSTALL_DIR"
|
||||
if [[ "$KEEP_DATA" != true ]]; then
|
||||
echo " Data directory: $DATA_DIR (ALL YOUR DATA WILL BE DELETED!)"
|
||||
echo " Data directory: $DATA_DIR"
|
||||
echo " [!] ALL DATA, IAM USERS, AND ENCRYPTION KEYS WILL BE DELETED!"
|
||||
else
|
||||
echo " Data directory: $DATA_DIR (WILL BE KEPT)"
|
||||
fi
|
||||
@@ -227,8 +228,15 @@ echo ""
|
||||
if [[ "$KEEP_DATA" == true ]]; then
|
||||
echo "Your data has been preserved at: $DATA_DIR"
|
||||
echo ""
|
||||
echo "To reinstall MyFSIO with existing data, run:"
|
||||
echo " curl -fsSL https://go.jzwsite.com/myfsio-install | sudo bash"
|
||||
echo "Preserved files include:"
|
||||
echo " - All buckets and objects"
|
||||
echo " - IAM configuration: $DATA_DIR/.myfsio.sys/config/iam.json"
|
||||
echo " - Bucket policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
||||
echo " - Secret key: $DATA_DIR/.myfsio.sys/config/.secret"
|
||||
echo " - Encryption keys: $DATA_DIR/.myfsio.sys/keys/ (if encryption was enabled)"
|
||||
echo ""
|
||||
echo "To reinstall MyFSIO with existing data:"
|
||||
echo " ./install.sh --data-dir $DATA_DIR"
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user