damanukyan/cryptowallet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cryptowallet/start.sh
ZOMBIIIIIII 31aba0b681 initjirefr
2026-05-28 23:29:18 +03:00

57 lines
2.2 KiB
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
set -euo pipefail
cd "$(dirname "$0")"
command -v docker >/dev/null 2>&1 || { echo "[ERROR] Docker not installed"; exit 1; }
docker compose version >/dev/null 2>&1 || { echo "[ERROR] docker compose plugin missing"; exit 1; }
# .env handling
if [ ! -f .env ]; then
if [ -f .env.example ]; then
cp .env.example .env
chmod 600 .env
echo "[INFO] .env создан из примера (mode 600) — заполни Vault креды и запусти снова"
exit 1
else
echo "[ERROR] нет ни .env, ни .env.example"
exit 1
fi
fi
# Защита: .env должен быть 600 (только владелец) — содержит Vault role/secret IDs.
ENV_MODE=$(stat -c %a .env 2>/dev/null || stat -f %A .env 2>/dev/null)
if [ "$ENV_MODE" != "600" ]; then
echo "[WARN] .env mode is $ENV_MODE, enforcing 600"
chmod 600 .env
fi
# NOTE: logs/ директория НЕ нужна — audit-логи теперь в stdout (Docker logs).
# Контейнер работает с read_only: true (см. docker-compose.yml).
# Не используйте `docker compose down -v` — удалит keydb_data (кэш/idempotency).
# Не пересоздавайте keydb без бэкапа. Обновление кода: `docker compose build api && docker compose up -d api`.
echo "[INFO] Building and starting containers..."
docker compose up -d --build
echo "[INFO] Waiting for API to become healthy..."
for i in $(seq 1 30); do
if curl -sf http://127.0.0.1:3001/api/health >/dev/null 2>&1; then
echo "[OK] API is healthy"
break
fi
if [ "$i" = "30" ]; then
echo "[ERROR] API not healthy after 60s. Запусти 'docker compose logs --tail=50 api' для диагностики."
exit 1
fi
sleep 2
done
echo ""
echo "API (loopback only): http://127.0.0.1:3001"
echo " Перед публичным доступом → настрой reverse proxy (Caddy/Nginx) с TLS."
echo "Health: http://127.0.0.1:3001/api/health"
echo "Docs: http://127.0.0.1:3001/api/docs"
echo "Logs: docker compose logs -f api"
echo "Audit events: docker compose logs api | grep '\"level\":\"audit\"'"
Reference in New Issue View Git Blame Copy Permalink