aknouce94 commited on
Commit
04dbd52
verified ·
1 Parent(s): 9905261

#!/bin/bash


# HTS Investigation Suite - Déploiement Automatisé Complet
# HIGH TECH SECURITY - Production Full Stack Deployment

set -euo pipefail

# Configuration
PROJECT_NAME="hts-investigation"
PROJECT_DIR="/opt/hts-investigation"
BACKUP_DIR="/opt/hts-backups"
LOG_FILE="/var/log/hts-deployment.log"
VERSION="2.1.0"

# Couleurs
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m'

# Logging
exec 1> >(tee -a "$LOG_FILE")
exec 2> >(tee -a "$LOG_FILE" >&2)

log() {
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
}

success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}

warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}

error() {
echo -e "${RED}[ERROR]${NC} $1"
exit 1
}

header() {
echo ""
echo -e "${CYAN}================================================${NC}"
echo -e "${CYAN}$1${NC}"
echo -e "${CYAN}================================================${NC}"
echo ""
}

# Vérifications préalables
check_requirements() {
header "🔍 VÉRIFICATIONS PRÉALABLES"

# Root check
if [[ $EUID -ne 0 ]]; then
error "Ce script doit être exécuté en tant que root"
fi

# OS check
if ! grep -q "Ubuntu\|Debian" /etc/os-release; then
warning "OS non testé - Ubuntu/Debian recommandé"
fi

# Docker check
if ! command -v docker &> /dev/null; then
log "Docker non trouvé - installation nécessaire"
INSTALL_DOCKER=true
else
success "Docker détecté: $(docker --version)"
fi

# Memory check
TOTAL_MEM=$(free -m | awk 'NR==2{printf "%.0f", $2}')
if [ "$TOTAL_MEM" -lt 4096 ]; then
warning "Mémoire insuffisante: ${TOTAL_MEM}MB (4GB recommandé)"
else
success "Mémoire suffisante: ${TOTAL_MEM}MB"
fi

# Disk check
AVAILABLE_DISK=$(df / | awk 'NR==2 {print $4}')
if [ "$AVAILABLE_DISK" -lt 10485760 ]; then # 10GB en KB
warning "Espace disque insuffisant (10GB recommandé)"
else
success "Espace disque suffisant"
fi
}

# Installation Docker si nécessaire
install_docker() {
if [ "${INSTALL_DOCKER:-false}" = true ]; then
header "🐳 INSTALLATION DOCKER"

# Suppression anciennes versions
apt-get remove -y docker docker-engine docker.io containerd runc || true

# Installation dépendances
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release

# Ajout clé GPG Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Ajout repository
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

# Installation Docker
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Configuration
systemctl enable docker
systemctl start docker

# Installation Docker Compose standalone
curl -L "https://github.com/docker/compose/releases/download/v2.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

success "Docker installé: $(docker --version)"
success "Docker Compose installé: $(docker-compose --version)"
fi
}

# Préparation environnement
setup_environment() {
header "🏗️ PRÉPARATION ENVIRONNEMENT"

# Création utilisateur système
if ! id "hts" &>/dev/null; then
useradd -r -s /bin/bash -d "$PROJECT_DIR" -m hts
success "Utilisateur hts créé"
fi

# Création répertoires
mkdir -p "$PROJECT_DIR"/{data,logs,backups,config,uploads,models}
mkdir -p "$BACKUP_DIR"
mkdir -p /var/log/hts

# Permissions
chown -R hts:hts "$PROJECT_DIR"
chown -R hts:hts /var/log/hts

success "Structure de répertoires créée"
}

# Configuration firewall et sécurité
setup_security() {
header "🔒 CONFIGURATION SÉCURITÉ"

# Installation fail2ban
apt-get install -y fail2ban

# Configuration fail2ban pour HTS
cat > /etc/fail2ban/jail.d/hts.conf << 'EOF'
[hts-investigation]
enabled = true
port = 8000,3000,80,443
logpath = /var/log/hts/*.log
maxretry = 5
bantime = 3600
findtime = 600
EOF

systemctl enable fail2ban
systemctl restart fail2ban

# Configuration UFW
ufw --force enable
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp # SSH
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw allow 8000/tcp # API HTS
ufw allow 3000/tcp # Frontend HTS
ufw reload

success "Sécurité configurée (fail2ban + firewall)"
}

# Configuration SSL automatique
setup_ssl() {
header "🔐 CONFIGURATION SSL"

# Installation Certbot
apt-get install -y certbot nginx

# Configuration Nginx de base
cat > /etc/nginx/sites-available/hts-investigation << 'EOF'
server {
listen 80;
server_name _;

location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

location /api/ {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

location /metrics {
allow 127.0.0.1;
deny all;
proxy_pass http://localhost:8001;
}
}
EOF

ln -sf /etc/nginx/sites-available/hts-investigation /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

nginx -t && systemctl reload nginx
systemctl enable nginx

success "Nginx configuré"
}

# Création des fichiers Docker
create_docker_files() {
header "🐳 CRÉATION FICHIERS DOCKER"

cd "$PROJECT_DIR"

# Package.json pour le frontend
cat > package.json << 'EOF'
{
"name": "hts-investigation-frontend",
"version": "2.1.0",
"description": "HIGH TECH SECURITY - HTS Investigation Suite Frontend",
"dependencies": {
"react": "^18.2.0",
"react-dom": "^18.2.0",
"axios": "^1.6.0",
"lucide-react": "^0.300.0",
"recharts": "^2.8.0"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject"
},
"eslintConfig": {
"extends": ["react-app"]
},
"browserslist": {
"production": [">0.2%", "not dead", "not op_mini all"],
"development": ["last 1 chrome version", "last 1 firefox version", "last 1 safari version"]
},
"devDependencies": {
"react-scripts": "5.0.1"
}
}
EOF

# Script de démarrage API
cat > start.sh << 'EOF'
#!/bin/bash
set -e

echo "🛡️ HIGH TECH SECURITY - HTS Investigation Suite v2.1.0"
echo "🚀 Démarrage API Backend..."

# Attendre que la base soit prête
until pg_isready -h postgres -p 5432 -U hts_user; do
echo "Attente base de données..."
sleep 2
done

echo "✅ Base de données prête"

# Migrations si nécessaire
python -c "
from sqlalchemy import create_engine, text
import os
engine = create_engine(os.getenv('DATABASE_URL'))
with engine.connect() as conn:
conn.execute(text('SELECT 1'))
print('✅ Connexion DB validée')
"

# Téléchargement modèles NLTK
python -c "
import nltk
nltk.download('punkt', quiet=True)
nltk.download('words', quiet=True)
print('✅ Modèles NLTK prêts')
"

echo "🚀 Lancement serveur API HTS Investigation..."
exec "$@"
EOF

chmod +x start.sh

# Configuration Nginx pour frontend
cat > nginx-frontend.conf << 'EOF'
server {
listen 80;
root /usr/share/nginx/html;
index index.html;

# Compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

# Cache statique
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}

# SPA routing
location / {
try_files $uri $uri/ /index.html;
}

# Health check
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
EOF

# Configuration Prometheus
cat > prometheus.yml << 'EOF'
global:
scrape_interval: 15s
evaluation_interval: 15s

rule_files:
- "hts_rules.yml"

scrape_configs:
- job_name: 'hts-investigation-api'
static_configs:
- targets: ['hts-api:8000']
metrics_path: '/metrics'
scrape_interval: 30s

- job_name: 'hts-monitoring'
static_configs:
- targets: ['hts-api:8001']
scrape_interval: 30s

- job_name: 'node-exporter'
static_configs:
- targets: ['node-exporter:9100']

alerting:
alertmanagers:
- static_configs:
- targets:
- alertmanager:9093
EOF

# Règles d'alerte Prometheus
cat > hts_rules.yml << 'EOF'
groups:
- name: hts-investigation
rules:
- alert: HTSAPIDown
expr: up{job="hts-investigation-api"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "HTS Investigation API is down"
description: "HTS Investigation API has been down for more than 1 minute."

- alert: HTSHighCPU
expr: hts_system_cpu_usage_percent > 80
for: 5m
labels:
severity: warning
annotations:
summary: "High CPU usage on HTS system"
description: "CPU usage is above 80% for more than 5 minutes."

- alert: HTSH
