[英]Lost access to ec2 instance after running this script I made
I was just creating a new instance to deploy a NextJS project on ec2 but every time I run the following script I lose access to the ec2 instance.我只是创建一个新实例来在 ec2 上部署 NextJS 项目,但每次运行以下脚本时,我都无法访问 ec2 实例。 Anyone can help me debug what is wrong with the script?
任何人都可以帮我调试脚本有什么问题吗? I receive the following error:
我收到以下错误:
ubuntu@x.x.x.x: Permission denied (publickey).
Here is the script:这是脚本:
#!/bin/bash
# Shell Arguments
# 1. Domain name without "www" in front of it.
# 2. Path to the zip file in s3.
# 3. Name of the folder in which the website files is to be stored.
# 4. Email address that is used by certbot to create SSL certificate.
# 5. S3 Bucket name from which the zip file should be pulled from.
DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5
cd /home/ubuntu/
echo "Updating Packages"
sudo apt -y update && sudo apt -y upgrade
echo "Installing Zip Unzip to extract the website content later"
sudo apt install zip unzip
echo "Installing AWS CLI"
sudo apt-get install awscli -y
echo "Installing Node"
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
sudo apt-get install -y nodejs
echo "Installing Nginx"
sudo apt-get install -y nginx
echo "Installing certbot"
sudo snap install --classic certbot
echo "Installing pm2 and yarn"
sudo npm i -g yarn
sudo npm i -g pm2
echo "Creating nginx config file"
sudo curl --silent https://gist.githubusercontent.com/utkarshk384/4fb1fc782351fbf2038560e9380fdd7c/raw/4bd1ede2f2d83134edc0c885c9d56cac75b8a391/nextjs-http > nextjs-http
sed -i "10s/SERVER_NAME/$DOMAIN_NAME $DOMAIN_NAME_WWW/" ./nextjs-http
echo "Moving ngnix config file"
sudo mv nextjs-http /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-available/default
echo "Changing few settings in nginx.conf"
LINE_NUMBER=`sed -n "/sites-enabled/=" /etc/nginx/nginx.conf`
sudo sed -i "s$LINE_NUMBERs|#||" /etc/nginx/nginx.conf
sudo sed -i "s$LINE_NUMBERs|sites-enabled\/\*|sites-enabled\/nextjs-http|" /etc/nginx/nginx.conf
sudo systemctl restart nginx
echo "Setting up server for ssl certificate"
sudo ufw allow ssh
sudo ufw --force enable
sudo ufw allow 'Nginx Full'
sudo ufw status
echo "Acquiring SSL Certificate"
sudo certbot --nginx -d $DOMAIN_NAME -d $DOMAIN_NAME_WWW --agree-tos -m $EMAIL --noninteractive
echo "Preflight installation completed. Starting to build website"
echo "Creating our website folder"
if [ -d "$DIR" ]; then
echo "${DIR} is already present"
else
echo "Creating new directory at ${DIR}"
mkdir $DIR
fi
echo "Downloading Website files from S3"
aws s3 cp s3://$AWS_S3_BUCKET/$ZIP_FILE_NAME $DIR/$ZIP_FILE_NAME
unzip -o /$DIR/$ZIP_FILE_NAME -d /$DIR
rm $DIR/$ZIP_FILE_NAME
# Set it to 777 so that the folder isn't write protected.
sudo chmod -R 666 $DIR
echo "Installing packages"
cd $DIR
sudo yarn
echo "Copying .env to website folder"
sudo cp ../.env.production ./
echo "Creating build"
yarn build
echo "Starting the website"
{
pm2 stop site
pm2 start site
} || {
pm2 start yarn --name site -- start 4000
pm2 save
}
echo "Started the site and is running"
pm2 status
# echo "Freeing Port 80 if occupied by apache"
# sudo systemctl disable apache2 && sudo systemctl stop apache2
I also tried the following methods to resolve but didn't succeed:我也尝试了以下方法解决,但没有成功:
user-data
thinking that might be the issue here.user-data
思想来禁用 UFW,这可能是这里的问题。 However, to my surprise that still wasn't the problem. The user-data that I passed to the instance is as follows:我传递给实例的用户数据如下:
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type:
text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
iptables -F
sudo ufw disable
service sshd restart
--//
Edit: I do have SSH Host KEY Fingerprints and SSH HOST KEY that I got from the system log.编辑:我确实有 SSH Host KEY Fingerprints 和 SSH HOST KEY 我是从系统日志中得到的。 If possible I'd like to recover it in the same instance.
如果可能的话,我想在同一个实例中恢复它。
Edit 2: I ran all the script commands one by one on another script and I found no issues.编辑 2:我在另一个脚本上一个一个地运行所有脚本命令,但没有发现任何问题。 Now, I am seriously confused.
现在,我很困惑。
Suggesting to debug with set -x
and set +x
to find the offensive command.建议用
set -x
和set +x
调试,找到攻击性命令。 And redirect/store the output into a log file.并将 output 重定向/存储到日志文件中。
Suggesting to replace the following lines (just to be on the safe side there is no offensive whitespaces):建议替换以下行(为了安全起见,没有令人反感的空格):
DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5
With和
DOMAIN_NAME="$1"
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME="$2"
DIR_NAME="$3"
DIR="/home/ubuntu/$DIR_NAME"
EMAIL="$4"
AWS_S3_BUCKET="$5"
Suggesting to check ufw
commands.建议检查
ufw
命令。 If there is any communication reset that disconnects you.如果有任何通信重置使您断开连接。 Make sure your current connection is
ssh
on port 22. If not make sure the current port is open as well in ufw
确保您当前的连接是端口 22 上的
ssh
如果不是,请确保当前端口在ufw
中也已打开
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.