MediaMetz/customer-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Schritt7-3

Browse Source
This commit is contained in:
Wolfgang
2026-01-09 21:28:21 +01:00
parent 939b9a576e
commit 37da10da59
3 changed files with 110 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files
install.sh
+76 -48
View File
@@ -183,60 +183,88 @@ fi
info "Step 6 OK: Docker + Compose Plugin installiert, Locales gesetzt, Basis-Verzeichnisse erstellt" info "Step 6 OK: Docker + Compose Plugin installiert, Locales gesetzt, Basis-Verzeichnisse erstellt"
info "Next: Schritt 7 (finales docker-compose + Secrets + n8n/supabase up + Healthchecks)" info "Next: Schritt 7 (finales docker-compose + Secrets + n8n/supabase up + Healthchecks)"
# ===== Step 7: Compose + Secrets + Start =====
step "7" "Deploy docker-compose + generate secrets + start stack"
# Annahmen:
# - CTID ist in $CTID
# - Hostname ist in $CT_HOSTNAME (z.B. supabase$(date +%s))
# - Domain: zq0.de -> ergibt FQDN
N8N_FQDN="${CT_HOSTNAME}.zq0.de"
POSTGRES_PASSWORD="$(rand_alnum 32)" # ---------------------------
DASHBOARD_USERNAME="$(rand_alnum 12)" # Step 7: Finalize stack + secrets + up + checks
DASHBOARD_PASSWORD="$(rand_alnum 24)" # ---------------------------
N8N_ENCRYPTION_KEY="$(rand_hex 64)" info "Step 7: Stack finalisieren + Secrets + Up + Checks"
# Dateien in den CT kopieren # ---- Host/IP für URL bauen
pct push "$CTID" "${SCRIPT_DIR}/templates/docker-compose.yml" "/opt/customer-stack/docker-compose.yml" --perms 0644 # Wenn du später Reverse Proxy nutzt, werden diese Werte angepasst.
pct push "$CTID" "${SCRIPT_DIR}/sql/init_pgvector.sql" "/opt/customer-stack/sql/init_pgvector.sql" --perms 0644 STACK_DIR="/opt/customer-stack"
# .env im CT erstellen N8N_PORT="5678"
pct exec "$CTID" -- bash -lc "cat > /opt/customer-stack/.env <<'EOF' N8N_PROTOCOL="http"
TZ=Europe/Berlin N8N_HOST="${CT_IP}"
N8N_HOST=${N8N_FQDN} N8N_EDITOR_BASE_URL="${N8N_PROTOCOL}://${N8N_HOST}:${N8N_PORT}/"
N8N_EDITOR_BASE_URL=https://${N8N_FQDN}/ WEBHOOK_URL="${N8N_EDITOR_BASE_URL}"
WEBHOOK_URL=https://${N8N_FQDN}/
DASHBOARD_USERNAME=${DASHBOARD_USERNAME} # ---- Secrets generieren (einmalig pro CT)
DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD} # Wichtig: nicht jedes Mal neu erzeugen, sonst ist n8n "kaputt" (encryption key ändert sich)
pct_exec "${CTID}" "test -f ${STACK_DIR}/.env || ( \
N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY} umask 077; \
PG_DB='n8n'; \
POSTGRES_USER=postgres PG_USER='n8n'; \
POSTGRES_PASSWORD=${POSTGRES_PASSWORD} PG_PASSWORD=\"\$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)\"; \
POSTGRES_DB=postgres N8N_ENCRYPTION_KEY=\"\$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)\"; \
N8N_SECURE_COOKIE='false'; \
N8N_PORT='${N8N_PORT}'; \
N8N_PROTOCOL='${N8N_PROTOCOL}'; \
N8N_HOST='${N8N_HOST}'; \
N8N_EDITOR_BASE_URL='${N8N_EDITOR_BASE_URL}'; \
WEBHOOK_URL='${WEBHOOK_URL}'; \
cat > ${STACK_DIR}/.env <<EOF
PG_DB=\${PG_DB}
PG_USER=\${PG_USER}
PG_PASSWORD=\${PG_PASSWORD}
N8N_ENCRYPTION_KEY=\${N8N_ENCRYPTION_KEY}
N8N_SECURE_COOKIE=\${N8N_SECURE_COOKIE}
N8N_PORT=\${N8N_PORT}
N8N_PROTOCOL=\${N8N_PROTOCOL}
N8N_HOST=\${N8N_HOST}
N8N_EDITOR_BASE_URL=\${N8N_EDITOR_BASE_URL}
WEBHOOK_URL=\${WEBHOOK_URL}
EOF EOF
chmod 600 /opt/customer-stack/.env" )"
# Stack hochfahren # ---- Dateien rüberkopieren (compose + sql)
pct exec "$CTID" -- bash -lc "cd /opt/customer-stack && docker compose up -d" # docker-compose.yml
if [[ -f "${SCRIPT_DIR}/templates/docker-compose.yml" ]]; then
COMPOSE_CONTENT="$(cat "${SCRIPT_DIR}/templates/docker-compose.yml")"
pct exec "${CTID}" -- bash -lc "cat > ${STACK_DIR}/docker-compose.yml <<'YML'
${COMPOSE_CONTENT}
YML"
else
die "Missing template: ${SCRIPT_DIR}/templates/docker-compose.yml"
fi
# Warten bis n8n antwortet # sql init
pct exec "$CTID" -- bash -lc ' pct_exec "${CTID}" "mkdir -p ${STACK_DIR}/sql"
set -e if [[ -f "${SCRIPT_DIR}/sql/init_pgvector.sql" ]]; then
for i in $(seq 1 60); do SQL_CONTENT="$(cat "${SCRIPT_DIR}/sql/init_pgvector.sql")"
if curl -fsS http://127.0.0.1:5678/ >/dev/null; then pct exec "${CTID}" -- bash -lc "cat > ${STACK_DIR}/sql/init_pgvector.sql <<'SQL'
echo "[INFO] n8n is up" ${SQL_CONTENT}
exit 0 SQL"
fi else
sleep 2 die "Missing sql file: ${SCRIPT_DIR}/sql/init_pgvector.sql"
done fi
echo "[ERROR] n8n did not become ready in time" >&2
exit 1
'
log_info "Step 7 OK: Stack running" # ---- Volumes + Rechte (wichtig!)
log_info "URL: https://${N8N_FQDN}" pct_exec "${CTID}" "mkdir -p ${STACK_DIR}/volumes/n8n-data ${STACK_DIR}/volumes/postgres/data"
log_info "BasicAuth user: ${DASHBOARD_USERNAME}" # n8n läuft als node (uid 1000), postgres i.d.R. uid 999
log_info "BasicAuth pass: ${DASHBOARD_PASSWORD}" pct_exec "${CTID}" "chown -R 1000:1000 ${STACK_DIR}/volumes/n8n-data"
pct_exec "${CTID}" "chown -R 999:999 ${STACK_DIR}/volumes/postgres/data"
# ---- Start stack
pct_exec "${CTID}" "cd ${STACK_DIR} && docker compose pull"
pct_exec "${CTID}" "cd ${STACK_DIR} && docker compose up -d"
# ---- Minimal Checks
pct_exec "${CTID}" "cd ${STACK_DIR} && docker compose ps"
pct_exec "${CTID}" "cd ${STACK_DIR} && docker logs --tail=30 customer-postgres || true"
pct_exec "${CTID}" "cd ${STACK_DIR} && docker logs --tail=30 n8n || true"
info "Step 7 OK: Stack deployed"
info "n8n: ${N8N_EDITOR_BASE_URL}"
info "Hinweis: Ohne Reverse-Proxy/TLS ist N8N_SECURE_COOKIE=false gesetzt. Später bei HTTPS wieder true."
sql/init_pgvector.sql
+1 -34
View File
@@ -1,35 +1,2 @@
-- Wird beim ersten Start des Containers automatisch ausgeführt
-- (liegt in /docker-entrypoint-initdb.d/)
--
-- Zweck:
-- - DBs anlegen: n8n, vectors
-- - pgvector Extension in beiden DBs aktivieren
-- - optional Schema vec in vectors vorbereiten
\connect postgres
-- Datenbanken anlegen (idempotent)
SELECT 'CREATE DATABASE n8n'
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'n8n') \gexec;
SELECT 'CREATE DATABASE vectors'
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'vectors') \gexec;
-- pgvector in n8n aktivieren (schadet nicht, hilft evtl. später)
\connect n8n
CREATE EXTENSION IF NOT EXISTS vector; CREATE EXTENSION IF NOT EXISTS vector;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-- pgvector in vectors aktivieren
\connect vectors
CREATE EXTENSION IF NOT EXISTS vector;
-- Optional: Schema vorbereiten
CREATE SCHEMA IF NOT EXISTS vec;
-- Optional: Beispiel-Tabelle (Dimension an Embeddings anpassen, z.B. 768 / 1024 / 1536)
-- CREATE TABLE IF NOT EXISTS vec.documents (
-- id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-- content text,
-- metadata jsonb,
-- embedding vector(1536)
-- );
templates/docker-compose.yml
+33 -51
View File
@@ -1,81 +1,63 @@
services: services:
db: postgres:
image: pgvector/pgvector:pg16 image: pgvector/pgvector:pg16
container_name: customer-db container_name: customer-postgres
restart: unless-stopped restart: unless-stopped
environment: environment:
POSTGRES_USER: ${POSTGRES_USER} POSTGRES_DB: ${PG_DB}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_USER: ${PG_USER}
POSTGRES_DB: ${POSTGRES_DB} POSTGRES_PASSWORD: ${PG_PASSWORD}
TZ: ${TZ:-Europe/Berlin}
volumes: volumes:
- db_data:/var/lib/postgresql/data - ./volumes/postgres/data:/var/lib/postgresql/data
- ./sql/init_pgvector.sql:/docker-entrypoint-initdb.d/10-init_pgvector.sql:ro - ./sql:/docker-entrypoint-initdb.d:ro
networks:
- internal
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB} -h 127.0.0.1"] test: ["CMD-SHELL", "pg_isready -U ${PG_USER} -d ${PG_DB} || exit 1"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 12 retries: 20
networks:
- customer-net
n8n: n8n:
image: n8nio/n8n:latest image: n8nio/n8n:latest
container_name: n8n container_name: n8n
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
db: postgres:
condition: service_healthy condition: service_healthy
ports: ports:
- "5678:5678" - "${N8N_PORT}:5678"
environment: environment:
TZ: ${TZ:-Europe/Berlin} # --- Web / Cookies / URL ---
# --- n8n core ---
N8N_HOST: ${N8N_HOST}
N8N_PORT: 5678 N8N_PORT: 5678
N8N_PROTOCOL: https N8N_PROTOCOL: ${N8N_PROTOCOL}
N8N_PATH: / N8N_HOST: ${N8N_HOST}
N8N_EDITOR_BASE_URL: ${N8N_EDITOR_BASE_URL} N8N_EDITOR_BASE_URL: ${N8N_EDITOR_BASE_URL}
WEBHOOK_URL: ${WEBHOOK_URL} WEBHOOK_URL: ${WEBHOOK_URL}
# Reverse-Proxy Betrieb (OPNsense davor) # Ohne TLS/Reverse Proxy: sonst Secure-Cookie Warning / Login-Probleme
N8N_PROXY_HOPS: 1 N8N_SECURE_COOKIE: ${N8N_SECURE_COOKIE}
N8N_SECURE_COOKIE: true
# Optionaler Basisschutz via BasicAuth # --- DB (Postgres) ---
N8N_BASIC_AUTH_ACTIVE: "true" DB_TYPE: postgresdb
N8N_BASIC_AUTH_USER: ${DASHBOARD_USERNAME} DB_POSTGRESDB_HOST: postgres
N8N_BASIC_AUTH_PASSWORD: ${DASHBOARD_PASSWORD} DB_POSTGRESDB_PORT: 5432
DB_POSTGRESDB_DATABASE: ${PG_DB}
DB_POSTGRESDB_USER: ${PG_USER}
DB_POSTGRESDB_PASSWORD: ${PG_PASSWORD}
# Verschlüsselung für Credentials # --- Basics ---
GENERIC_TIMEZONE: Europe/Berlin
TZ: Europe/Berlin
# optional (später hart machen)
N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY} N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
# --- DB für n8n ---
DB_TYPE: postgresdb
DB_POSTGRESDB_HOST: db
DB_POSTGRESDB_PORT: 5432
DB_POSTGRESDB_DATABASE: n8n
DB_POSTGRESDB_USER: ${POSTGRES_USER}
DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD}
# Qualität-of-life
GENERIC_TIMEZONE: ${TZ:-Europe/Berlin}
volumes: volumes:
- n8n_data:/home/node/.n8n - ./volumes/n8n-data:/home/node/.n8n
networks: networks:
- internal - customer-net
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5678/ >/dev/null 2>&1 || exit 1"]
interval: 10s
timeout: 5s
retries: 20
networks: networks:
internal: customer-net:
driver: bridge driver: bridge
volumes:
db_data:
n8n_data: