
Lost access to ec2 instance after running this script I made

I was just creating a new instance to deploy a NextJS project on ec2, but every time I run the following script I lose access to the ec2 instance. Can anyone help me debug what is wrong with the script? I receive the following error:

ubuntu@x.x.x.x: Permission denied (publickey).

Here is the script:

#!/bin/bash

# Shell Arguments
# 1. Domain name without "www" in front of it.
# 2. Path to the zip file in s3.
# 3. Name of the folder in which the website files are to be stored.
# 4. Email address that is used by certbot to create SSL certificate.
# 5. S3 Bucket name from which the zip file should be pulled from.


DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5

cd /home/ubuntu/

echo "Updating Packages"
sudo apt -y update && sudo apt -y upgrade

echo "Installing Zip Unzip to extract the website content later"
sudo apt install -y zip unzip

echo "Installing AWS CLI"
sudo apt-get install awscli -y

echo "Installing Node"
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
sudo apt-get install -y nodejs

echo "Installing Nginx"
sudo apt-get install -y nginx

echo "Installing certbot"
sudo snap install --classic certbot

echo "Installing pm2 and yarn"
sudo npm i -g yarn
sudo npm i -g pm2

echo "Creating nginx config file"
sudo curl --silent https://gist.githubusercontent.com/utkarshk384/4fb1fc782351fbf2038560e9380fdd7c/raw/4bd1ede2f2d83134edc0c885c9d56cac75b8a391/nextjs-http > nextjs-http
sed -i "10s/SERVER_NAME/$DOMAIN_NAME $DOMAIN_NAME_WWW/" ./nextjs-http

echo "Moving ngnix config file"
sudo mv nextjs-http /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-available/default

echo "Changing few settings in nginx.conf"
LINE_NUMBER=$(sed -n "/sites-enabled/=" /etc/nginx/nginx.conf)
# ${LINE_NUMBER} is braced so the trailing "s" is not read as part of the variable name.
sudo sed -i "${LINE_NUMBER}s|#||" /etc/nginx/nginx.conf
sudo sed -i "${LINE_NUMBER}s|sites-enabled\/\*|sites-enabled\/nextjs-http|" /etc/nginx/nginx.conf

sudo systemctl restart nginx

echo "Setting up server for ssl certificate"
sudo ufw allow ssh
sudo ufw --force enable
sudo ufw allow 'Nginx Full'
sudo ufw status

echo "Acquiring SSL Certificate"
sudo certbot --nginx -d $DOMAIN_NAME -d $DOMAIN_NAME_WWW --agree-tos -m $EMAIL --noninteractive

echo "Preflight installation completed. Starting to build website"

echo "Creating our website folder"

if [ -d "$DIR" ]; then
    echo "${DIR} is already present"
else
    echo "Creating new directory at ${DIR}"
    mkdir $DIR
fi

echo "Downloading Website files from S3"
aws s3 cp s3://$AWS_S3_BUCKET/$ZIP_FILE_NAME $DIR/$ZIP_FILE_NAME
unzip -o "$DIR/$ZIP_FILE_NAME" -d "$DIR"
rm $DIR/$ZIP_FILE_NAME

# Meant to make the folder writable; note this sets 666 (not 777) on every
# file and directory under $DIR, which also strips the execute bit from directories.
sudo chmod -R 666 $DIR

echo "Installing packages"
cd $DIR
sudo yarn

echo "Copying .env to website folder"
sudo cp ../.env.production ./

echo "Creating build"
yarn build


echo "Starting the website"
{
    pm2 stop site
    pm2 start site
} || {
    pm2 start yarn --name site -- start 4000
    pm2 save
}

echo "Started the site and is running"
pm2 status
# echo "Freeing Port 80 if occupied by apache"
# sudo systemctl disable apache2 && sudo systemctl stop apache2

I also tried the following methods to resolve but didn't succeed:

  1. Initially I thought AWS-CLI was causing the issue, so I created a new instance, installed AWS-CLI and pulled the zip file from the S3 bucket. After that, I restarted the instance and found out that wasn't causing the issue.
  2. I then ran the script fully, only to lose access to the instance. Next I tried disabling UFW via user-data, thinking that might be the issue here. However, to my surprise, that still wasn't the problem.

The user-data that I passed to the instance is as follows:

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash
iptables -F
sudo ufw disable
service sshd restart
--//

Edit: I do have the SSH host key fingerprints and the SSH host key that I got from the system log. If possible I'd like to recover it in the same instance.

Edit 2: I ran all the script commands one by one on another script and I found no issues. Now, I am seriously confused.

Suggesting to debug with set -x and set +x to find the offending command, and to redirect/store the output into a log file.

Suggesting to replace the following lines (just to be on the safe side, in case there is any offending whitespace):

DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5

With

DOMAIN_NAME="$1"
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME="$2"
DIR_NAME="$3"
DIR="/home/ubuntu/$DIR_NAME"
EMAIL="$4"
AWS_S3_BUCKET="$5"

Suggesting to check the ufw commands, in case a communication reset disconnects you. Make sure your current connection is SSH on port 22; if not, make sure the current port is open in ufw as well.
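A safer prologue for the deployment script, as an added example (not code from the question or the answer), assuming /home/ubuntu as the base directory and a LOG_FILE path. It applies the answer's advice (trace into a log file, quote and validate the arguments, check the SSH port before enabling ufw) and confines the permission fix to the site directory, because a recursive chmod 666 whose target is built from "$3" would reach ~/.ssh if that argument is ever empty, and sshd rejects a public key whose ~/.ssh or authorized_keys is group/world writable.

```shell
#!/bin/bash
# Added example, not code from the question or the answer. Applies the
# answer's advice (log + trace, quoted and validated arguments, SSH port
# check) and keeps the permission fix away from /home/ubuntu and ~/.ssh.
# Assumptions: LOG_FILE path and /home/ubuntu as the base directory.

LOG_FILE="${LOG_FILE:-/home/ubuntu/deploy.log}"

# Redirect everything to the log, then trace each command (set +x to stop).
start_trace() {
    exec >>"$LOG_FILE" 2>&1
    set -x
}

# A usable site folder name: non-empty, one path component, not . or ..
valid_dir_name() {
    case "$1" in
        ""|*/*|.|..) return 1 ;;
    esac
}

# Build the site directory; returns 1 (prints nothing) rather than silently
# yielding the base directory itself when the name is missing.
resolve_site_dir() {
    local name="$1" base="${2:-/home/ubuntu}"
    valid_dir_name "$name" || return 1
    printf '%s/%s\n' "$base" "$name"
}

# What "sudo chmod -R 666 $DIR" should be: 755 on directories, 644 on files,
# confined to the site directory. Owner is a parameter so this runs as non-root.
fix_site_perms() {
    local dir="$1" owner="${2:-ubuntu}"
    [ -d "$dir" ] || return 1
    chown -R "$owner" "$dir" || return 1
    find "$dir" -type d -exec chmod 755 {} + &&
        find "$dir" -type f -exec chmod 644 {} +
}

# Port sshd listens on (from sshd_config, default 22), so the caller can
# "ufw allow <port>/tcp" before "ufw --force enable".
ssh_port() {
    local cfg="${1:-/etc/ssh/sshd_config}" port=""
    [ -r "$cfg" ] && port=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$cfg" | head -n 1)
    echo "${port:-22}"
}
```

Call start_trace first, then DIR="$(resolve_site_dir "$3")" || exit 1, and replace the chmod line with fix_site_perms "$DIR"; run sudo ufw allow "$(ssh_port)/tcp" before ufw --force enable.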
