Init Git

scripts/deploy.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set -euo pipefail
+
+APP_NAME="eop-api"
+AWS_REGION="ap-southeast-7"
+ECR_REPO_URI="804770683810.dkr.ecr.ap-southeast-7.amazonaws.com/amrez/eop-services"
+SSM_PREFIX="/amrez/eop"
+
+need() {
+  local v
+  v=$(aws ssm get-parameter --with-decryption --region "$AWS_REGION" --name "${SSM_PREFIX}/$1" \
+        --query "Parameter.Value" --output text 2>/dev/null || true)
+  if [ -z "${v:-}" ] || [ "$v" == "None" ]; then
+    echo "ERROR: missing SSM parameter: ${SSM_PREFIX}/$1" >&2; exit 1
+  fi
+  echo "$v"
+}
+
+DC=$(  need "Connections__DefaultConnection")   # Host=127.0.0.1;Port=15432;...
+UST=$( need "Connections__UseSchemaPerTenant")
+SB=$(  need "Connections__StorageBackend")
+RC=$(  need "Connections__RedisConnection")
+RDB=$( need "Connections__RedisDb")
+
+aws ecr get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$ECR_REPO_URI"
+docker pull "$ECR_REPO_URI:latest"
+
+if docker ps -aq -f name=^/${APP_NAME}$ >/dev/null; then
+  docker stop "$APP_NAME" || true
+  docker rm "$APP_NAME" || true
+fi
+
+# DB tunnel ต้องพร้อม (15432)
+if ! ss -lnt | grep -q ":15432 "; then
+  echo "ERROR: tunnel 127.0.0.1:15432 is not listening" >&2
+  exit 1
+fi
+
+# host network ⇒ 127.0.0.1 ใน container = ของโฮสต์
+docker run -d --name "$APP_NAME" \
+  --network=host \
+  --restart=always \
+  -e ASPNETCORE_ENVIRONMENT=Production \
+  -e ASPNETCORE_URLS=http://0.0.0.0:80 \
+  -e "Connections__DefaultConnection=${DC}" \
+  -e "Connections__UseSchemaPerTenant=${UST}" \
+  -e "Connections__StorageBackend=${SB}" \
+  -e "Connections__RedisConnection=${RC}" \
+  -e "Connections__RedisDb=${RDB}" \
+  "$ECR_REPO_URI:latest"
+
+echo "Deployed $APP_NAME using $ECR_REPO_URI:latest"

scripts/setup_tunnel.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+set -euo pipefail
+
+AWS_REGION="ap-southeast-7"
+SSM_PREFIX="/amrez/eop"
+
+need() {
+  aws ssm get-parameter --with-decryption --region "$AWS_REGION" --name "${SSM_PREFIX}/$1" \
+    --query "Parameter.Value" --output text
+}
+
+# autossh
+if ! command -v autossh >/dev/null 2>&1; then
+  dnf install -y autossh >/dev/null
+fi
+
+SSH_USER=$(need "tunnel/ssh_user")
+BASTION_HOST=$(need "tunnel/bastion_host")
+DB_HOST=$(need "tunnel/db_host")
+DB_PORT=$(need "tunnel/db_port")
+LOCAL_PORT=$(need "tunnel/local_port")
+
+install -d -m 700 -o root -g root /opt/eop-tunnel
+aws ssm get-parameter --with-decryption --region "$AWS_REGION" \
+  --name "${SSM_PREFIX}/tunnel/private_key" --query "Parameter.Value" --output text > /opt/eop-tunnel/id_rsa
+chmod 600 /opt/eop-tunnel/id_rsa
+
+cat >/etc/systemd/system/eop-db-tunnel.service <<EOF
+[Unit]
+Description=EOP DB SSH tunnel (LOCAL:${LOCAL_PORT} -> ${DB_HOST}:${DB_PORT} via ${BASTION_HOST})
+After=network-online.target
+Wants=network-online.target
+[Service]
+Type=simple
+User=root
+Restart=always
+RestartSec=5
+ExecStartPre=/usr/bin/bash -lc 'ss -lnt | grep -q ":${LOCAL_PORT} " && killall -q -w ssh || true'
+ExecStart=/usr/bin/autossh -M 0 -N \
+  -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnFailure=yes -o ExitOnForwardFailure=yes \
+  -o StrictHostKeyChecking=no -i /opt/eop-tunnel/id_rsa \
+  -L 127.0.0.1:${LOCAL_PORT}:${DB_HOST}:${DB_PORT} ${SSH_USER}@${BASTION_HOST}
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable --now eop-db-tunnel.service
+
+# wait ready
+for i in {1..30}; do
+  ss -lnt | grep -q ":${LOCAL_PORT} " && exit 0
+  sleep 1
+done
+echo "Tunnel not ready on 127.0.0.1:${LOCAL_PORT}" >&2
+exit 1

scripts/verify.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+APP_NAME="eop-api"
+docker ps --filter "name=^/${APP_NAME}$" --filter "status=running" --format '{{.Names}}' | grep -q "^${APP_NAME}$"
+ss -lnt | grep -q ":80 "