🎉 Added 'backend/KIOSK_BACKEND_VERBINDUNGSPROBLEM_BEHOBEN.md' for kiosk connection issue documentation. 🐛 Refactored setup script and service files in 'backend/' directory for better maintainability. 📚 Updated service files for improved systemd configuration. 💄 Fixed minor typos in the documentation.
This commit is contained in:
189
backend/setup.sh
189
backend/setup.sh
@@ -17,7 +17,7 @@ set -euo pipefail
|
||||
readonly APP_NAME="MYP Druckerverwaltung"
|
||||
readonly APP_VERSION="4.1.0"
|
||||
readonly APP_DIR="/opt/myp"
|
||||
readonly HTTPS_SERVICE_NAME="myp-https"
|
||||
readonly HTTP_SERVICE_NAME="myp-https"
|
||||
readonly KIOSK_SERVICE_NAME="myp-kiosk"
|
||||
readonly WATCHDOG_SERVICE_NAME="kiosk-watchdog"
|
||||
readonly WATCHDOG_PYTHON_SERVICE_NAME="kiosk-watchdog-python"
|
||||
@@ -30,8 +30,8 @@ INSTALL_LOG="$CURRENT_DIR/logs/install.log"
|
||||
ERROR_LOG="$CURRENT_DIR/logs/errors.log"
|
||||
WARNING_LOG="$CURRENT_DIR/logs/warnings.log"
|
||||
DEBUG_LOG="$CURRENT_DIR/logs/debug.log"
|
||||
readonly HTTPS_PORT="443"
|
||||
readonly HTTPS_URL="https://localhost:${HTTPS_PORT}"
|
||||
readonly HTTP_PORT="5000"
|
||||
readonly HTTP_URL="http://localhost:${HTTP_PORT}"
|
||||
readonly SYSTEMD_DIR="$CURRENT_DIR/systemd"
|
||||
readonly SYSTEM_SYSTEMD_DIR="/etc/systemd/system"
|
||||
|
||||
@@ -1326,11 +1326,11 @@ if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" = "1" ]; then
|
||||
# Setze DISPLAY-Variable
|
||||
export DISPLAY=:0
|
||||
|
||||
# Warte auf HTTPS-Backend
|
||||
echo "Warte auf HTTPS-Backend..."
|
||||
# Warte auf HTTP-Backend
|
||||
echo "Warte auf HTTP-Backend..."
|
||||
for i in {1..60}; do
|
||||
if curl -k -s https://localhost:443 >/dev/null 2>&1; then
|
||||
echo "HTTPS-Backend erreichbar"
|
||||
if curl -s http://localhost:5000 >/dev/null 2>&1; then
|
||||
echo "HTTP-Backend erreichbar"
|
||||
break
|
||||
fi
|
||||
echo "Warte... ($i/60)"
|
||||
@@ -1395,12 +1395,11 @@ if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" = "1" ]; then
|
||||
--ignore-certificate-errors-spki-list \
|
||||
--disable-web-security \
|
||||
--allow-running-insecure-content \
|
||||
--unsafely-treat-insecure-origin-as-secure=https://localhost:443 \
|
||||
https://localhost:443
|
||||
http://localhost:5000
|
||||
else
|
||||
exec firefox-esr \
|
||||
--kiosk \
|
||||
https://localhost:443
|
||||
http://localhost:5000
|
||||
fi
|
||||
fi
|
||||
EOF
|
||||
@@ -1739,29 +1738,8 @@ install_npm_dependencies() {
|
||||
log "✅ NPM-Abhängigkeiten verarbeitet"
|
||||
}
|
||||
|
||||
# =========================== SSL-ZERTIFIKAT GENERIERUNG ===========================
|
||||
generate_ssl_certificate() {
|
||||
log "=== SSL-ZERTIFIKAT GENERIERUNG ==="
|
||||
|
||||
progress "Generiere selbstsigniertes SSL-Zertifikat für localhost..."
|
||||
|
||||
local cert_dir="$APP_DIR/certs/localhost"
|
||||
mkdir -p "$cert_dir"
|
||||
|
||||
# Generiere privaten Schlüssel
|
||||
openssl genrsa -out "$cert_dir/localhost.key" 2048 || error "Fehler beim Generieren des privaten Schlüssels"
|
||||
|
||||
# Generiere Zertifikat
|
||||
openssl req -new -x509 -key "$cert_dir/localhost.key" -out "$cert_dir/localhost.crt" -days 365 \
|
||||
-subj "/C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Mercedes-Benz/OU=IT/CN=localhost" \
|
||||
|| error "Fehler beim Generieren des SSL-Zertifikats"
|
||||
|
||||
# Berechtigungen setzen
|
||||
chmod 600 "$cert_dir/localhost.key"
|
||||
chmod 644 "$cert_dir/localhost.crt"
|
||||
|
||||
log "✅ SSL-Zertifikat erfolgreich generiert"
|
||||
}
|
||||
# =========================== SSL-ZERTIFIKAT GENERIERUNG (ENTFERNT) ===========================
|
||||
# SSL-Zertifikate nicht mehr benötigt - verwende HTTP statt HTTPS
|
||||
|
||||
# =========================== ROBUSTE SYSTEMD-SERVICES INSTALLATION ===========================
|
||||
install_systemd_services() {
|
||||
@@ -1785,7 +1763,7 @@ install_systemd_services() {
|
||||
|
||||
# Definiere Service-Dateien mit Priorität
|
||||
local essential_services=(
|
||||
"$HTTPS_SERVICE_NAME.service"
|
||||
"$HTTP_SERVICE_NAME.service"
|
||||
)
|
||||
|
||||
local optional_services=(
|
||||
@@ -1868,14 +1846,14 @@ enable_and_start_services() {
|
||||
local successful_services=0
|
||||
local failed_services=0
|
||||
|
||||
# HTTPS-Service (kritisch)
|
||||
progress "Aktiviere und starte HTTPS-Service (kritisch)..."
|
||||
# HTTP-Backend-Service (kritisch)
|
||||
progress "Aktiviere und starte HTTP-Backend-Service (kritisch)..."
|
||||
|
||||
if systemctl enable "$HTTPS_SERVICE_NAME" 2>/dev/null; then
|
||||
success "✅ HTTPS-Service erfolgreich aktiviert"
|
||||
if systemctl enable "$HTTP_SERVICE_NAME" 2>/dev/null; then
|
||||
success "✅ HTTP-Backend-Service erfolgreich aktiviert"
|
||||
|
||||
if systemctl start "$HTTPS_SERVICE_NAME" 2>/dev/null; then
|
||||
success "✅ HTTPS-Service erfolgreich gestartet"
|
||||
if systemctl start "$HTTP_SERVICE_NAME" 2>/dev/null; then
|
||||
success "✅ HTTP-Backend-Service erfolgreich gestartet"
|
||||
|
||||
# Warte und prüfe Status gründlich
|
||||
local startup_timeout=15
|
||||
@@ -1883,31 +1861,31 @@ enable_and_start_services() {
|
||||
local elapsed=0
|
||||
|
||||
while [ $elapsed -lt $startup_timeout ]; do
|
||||
if systemctl is-active --quiet "$HTTPS_SERVICE_NAME"; then
|
||||
success "✅ HTTPS-Service läuft stabil nach ${elapsed}s"
|
||||
if systemctl is-active --quiet "$HTTP_SERVICE_NAME"; then
|
||||
success "✅ HTTP-Backend-Service läuft stabil nach ${elapsed}s"
|
||||
((successful_services++))
|
||||
break
|
||||
fi
|
||||
sleep $check_interval
|
||||
elapsed=$((elapsed + check_interval))
|
||||
progress "Warte auf HTTPS-Service Startup... (${elapsed}/${startup_timeout}s)"
|
||||
progress "Warte auf HTTP-Backend-Service Startup... (${elapsed}/${startup_timeout}s)"
|
||||
done
|
||||
|
||||
if [ $elapsed -ge $startup_timeout ]; then
|
||||
error "❌ HTTPS-Service Timeout nach ${startup_timeout}s - Service nicht verfügbar"
|
||||
error "❌ HTTP-Backend-Service Timeout nach ${startup_timeout}s - Service nicht verfügbar"
|
||||
|
||||
# Debugging-Informationen
|
||||
info "HTTPS-Service Status-Debug:"
|
||||
systemctl status "$HTTPS_SERVICE_NAME" --no-pager -l || true
|
||||
journalctl -u "$HTTPS_SERVICE_NAME" --no-pager -n 10 || true
|
||||
info "HTTP-Backend-Service Status-Debug:"
|
||||
systemctl status "$HTTP_SERVICE_NAME" --no-pager -l || true
|
||||
journalctl -u "$HTTP_SERVICE_NAME" --no-pager -n 10 || true
|
||||
((failed_services++))
|
||||
fi
|
||||
else
|
||||
error "❌ HTTPS-Service konnte nicht gestartet werden"
|
||||
error "❌ HTTP-Backend-Service konnte nicht gestartet werden"
|
||||
((failed_services++))
|
||||
fi
|
||||
else
|
||||
error "❌ HTTPS-Service konnte nicht aktiviert werden"
|
||||
error "❌ HTTP-Backend-Service konnte nicht aktiviert werden"
|
||||
((failed_services++))
|
||||
fi
|
||||
|
||||
@@ -1988,28 +1966,28 @@ test_application() {
|
||||
|
||||
# Test 1: Service-Status prüfen
|
||||
progress "Teste Service-Status..."
|
||||
if systemctl is-active --quiet "$HTTPS_SERVICE_NAME"; then
|
||||
success "✅ HTTPS-Service ist aktiv"
|
||||
if systemctl is-active --quiet "$HTTP_SERVICE_NAME"; then
|
||||
success "✅ HTTP-Backend-Service ist aktiv"
|
||||
else
|
||||
warning "⚠️ HTTPS-Service ist nicht aktiv"
|
||||
warning "⚠️ HTTP-Backend-Service ist nicht aktiv"
|
||||
((test_warnings++))
|
||||
|
||||
# Debug-Informationen
|
||||
info "Service-Status Debug:"
|
||||
systemctl status "$HTTPS_SERVICE_NAME" --no-pager -l || true
|
||||
systemctl status "$HTTP_SERVICE_NAME" --no-pager -l || true
|
||||
fi
|
||||
|
||||
# Test 2: Port-Verfügbarkeit
|
||||
progress "Teste Port-Verfügbarkeit..."
|
||||
if ss -tlnp | grep -q ":443 "; then
|
||||
success "✅ Port 443 ist geöffnet"
|
||||
if ss -tlnp | grep -q ":5000 "; then
|
||||
success "✅ Port 5000 ist geöffnet"
|
||||
else
|
||||
warning "⚠️ Port 443 ist nicht geöffnet"
|
||||
warning "⚠️ Port 5000 ist nicht geöffnet"
|
||||
((test_warnings++))
|
||||
fi
|
||||
|
||||
# Test 3: HTTPS-Verbindung (robust mit mehreren Methoden)
|
||||
progress "Teste HTTPS-Verbindung (robust)..."
|
||||
# Test 3: HTTP-Backend-Verbindung (robust mit mehreren Methoden)
|
||||
progress "Teste HTTP-Backend-Verbindung (robust)..."
|
||||
|
||||
local max_attempts=20
|
||||
local attempt=1
|
||||
@@ -2017,45 +1995,48 @@ test_application() {
|
||||
|
||||
while [ $attempt -le $max_attempts ]; do
|
||||
# Methode 1: curl mit verschiedenen Optionen
|
||||
if curl -k -s --connect-timeout 3 --max-time 8 "$HTTPS_URL" >/dev/null 2>&1; then
|
||||
if curl -s --connect-timeout 3 --max-time 8 "$HTTP_URL" >/dev/null 2>&1; then
|
||||
connection_successful=true
|
||||
break
|
||||
fi
|
||||
|
||||
# Methode 2: wget als Fallback
|
||||
if command -v wget >/dev/null 2>&1; then
|
||||
if wget -q --no-check-certificate --timeout=3 --tries=1 "$HTTPS_URL" -O /dev/null 2>/dev/null; then
|
||||
if wget -q --timeout=3 --tries=1 "$HTTP_URL" -O /dev/null 2>/dev/null; then
|
||||
connection_successful=true
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# Methode 3: openssl s_client als direkter Test
|
||||
if echo "GET / HTTP/1.0" | openssl s_client -connect localhost:443 -quiet 2>/dev/null | grep -q "HTTP"; then
|
||||
connection_successful=true
|
||||
break
|
||||
# Methode 3: nc als direkter Port-Test
|
||||
if command -v nc >/dev/null 2>&1; then
|
||||
if echo "GET / HTTP/1.0" | nc -w 3 localhost 5000 2>/dev/null | grep -q "HTTP"; then
|
||||
connection_successful=true
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
progress "Warte auf HTTPS-Backend... ($attempt/$max_attempts)"
|
||||
progress "Warte auf HTTP-Backend... ($attempt/$max_attempts)"
|
||||
sleep 3
|
||||
((attempt++))
|
||||
done
|
||||
|
||||
if [ "$connection_successful" = true ]; then
|
||||
success "✅ HTTPS-Backend erreichbar unter $HTTPS_URL"
|
||||
success "✅ HTTP-Backend erreichbar unter $HTTP_URL"
|
||||
|
||||
# Erweiterte Verbindungstests
|
||||
progress "Führe erweiterte HTTPS-Tests durch..."
|
||||
progress "Führe erweiterte HTTP-Tests durch..."
|
||||
|
||||
# Test Antwortzeit
|
||||
local response_time=$(curl -k -s -w "%{time_total}" -o /dev/null "$HTTPS_URL" 2>/dev/null || echo "timeout")
|
||||
local response_time=$(curl -s -w "%{time_total}" -o /dev/null "$HTTP_URL" 2>/dev/null || echo "timeout")
|
||||
if [ "$response_time" != "timeout" ]; then
|
||||
info "🕐 HTTPS Antwortzeit: ${response_time}s"
|
||||
info "🕐 HTTP Antwortzeit: ${response_time}s"
|
||||
|
||||
# Bewerte Antwortzeit
|
||||
if [ "$(echo "$response_time < 2.0" | bc 2>/dev/null || echo "0")" -eq 1 ]; then
|
||||
# Bewerte Antwortzeit (ohne bc für bessere Kompatibilität)
|
||||
local response_ms=$(echo "$response_time * 1000" | awk '{print int($1)}' 2>/dev/null || echo "9999")
|
||||
if [ "$response_ms" -lt 2000 ]; then
|
||||
success "✅ Gute Antwortzeit"
|
||||
elif [ "$(echo "$response_time < 5.0" | bc 2>/dev/null || echo "0")" -eq 1 ]; then
|
||||
elif [ "$response_ms" -lt 5000 ]; then
|
||||
info "ℹ️ Akzeptable Antwortzeit"
|
||||
else
|
||||
warning "⚠️ Langsame Antwortzeit"
|
||||
@@ -2064,7 +2045,7 @@ test_application() {
|
||||
fi
|
||||
|
||||
# Test HTTP-Status
|
||||
local http_status=$(curl -k -s -o /dev/null -w "%{http_code}" "$HTTPS_URL" 2>/dev/null || echo "000")
|
||||
local http_status=$(curl -s -o /dev/null -w "%{http_code}" "$HTTP_URL" 2>/dev/null || echo "000")
|
||||
if [ "$http_status" = "200" ]; then
|
||||
success "✅ HTTP Status 200 OK"
|
||||
else
|
||||
@@ -2072,42 +2053,34 @@ test_application() {
|
||||
fi
|
||||
|
||||
else
|
||||
error "❌ HTTPS-Backend nicht erreichbar nach $max_attempts Versuchen"
|
||||
error "❌ HTTP-Backend nicht erreichbar nach $max_attempts Versuchen"
|
||||
((test_errors++))
|
||||
|
||||
# Debugging-Informationen
|
||||
info "HTTPS-Debug Informationen:"
|
||||
netstat -tlnp | grep ":443" || info "Port 443 nicht gefunden"
|
||||
ss -tlnp | grep ":443" || info "Port 443 nicht in ss gefunden"
|
||||
info "HTTP-Debug Informationen:"
|
||||
netstat -tlnp | grep ":5000" || info "Port 5000 nicht gefunden"
|
||||
ss -tlnp | grep ":5000" || info "Port 5000 nicht in ss gefunden"
|
||||
fi
|
||||
|
||||
# Test 4: SSL-Zertifikat (erweitert)
|
||||
progress "Teste SSL-Zertifikat (erweitert)..."
|
||||
# Test 4: HTTP-Header und Content-Type Prüfung
|
||||
progress "Teste HTTP-Header und Content-Type..."
|
||||
|
||||
# Methode 1: openssl s_client
|
||||
if echo | openssl s_client -connect localhost:443 -servername localhost 2>/dev/null | openssl x509 -noout -text >/dev/null 2>&1; then
|
||||
success "✅ SSL-Zertifikat ist gültig"
|
||||
|
||||
# Zertifikat-Details extrahieren
|
||||
local cert_info=$(echo | openssl s_client -connect localhost:443 -servername localhost 2>/dev/null | openssl x509 -noout -subject -dates 2>/dev/null || echo "Nicht verfügbar")
|
||||
info "📜 Zertifikat-Info: $cert_info"
|
||||
|
||||
else
|
||||
warning "⚠️ SSL-Zertifikat-Test fehlgeschlagen"
|
||||
((test_warnings++))
|
||||
|
||||
# Alternative: Teste ob Zertifikat-Dateien existieren
|
||||
if [ -f "$APP_DIR/certs/localhost/localhost.crt" ] && [ -f "$APP_DIR/certs/localhost/localhost.key" ]; then
|
||||
info "📁 SSL-Zertifikat-Dateien sind vorhanden"
|
||||
|
||||
# Teste Zertifikat-Datei direkt
|
||||
if openssl x509 -in "$APP_DIR/certs/localhost/localhost.crt" -noout -text >/dev/null 2>&1; then
|
||||
success "✅ SSL-Zertifikat-Datei ist gültig"
|
||||
else
|
||||
warning "⚠️ SSL-Zertifikat-Datei ist ungültig"
|
||||
((test_warnings++))
|
||||
fi
|
||||
if [ "$connection_successful" = true ]; then
|
||||
# Test Content-Type Header
|
||||
local content_type=$(curl -s -I "$HTTP_URL" 2>/dev/null | grep -i "content-type:" | head -1 | cut -d: -f2 | tr -d ' \r\n' || echo "unknown")
|
||||
if [[ "$content_type" == *"text/html"* ]]; then
|
||||
success "✅ Korrekte HTML-Antwort erkannt"
|
||||
else
|
||||
info "ℹ️ Content-Type: $content_type"
|
||||
fi
|
||||
|
||||
# Test Server Header
|
||||
local server_header=$(curl -s -I "$HTTP_URL" 2>/dev/null | grep -i "server:" | head -1 | cut -d: -f2 | tr -d ' \r\n' || echo "unknown")
|
||||
if [ "$server_header" != "unknown" ]; then
|
||||
info "🖥️ Server: $server_header"
|
||||
fi
|
||||
else
|
||||
info "ℹ️ HTTP-Header Test übersprungen (Backend nicht erreichbar)"
|
||||
fi
|
||||
|
||||
# Test 5: Python-Anwendung Import-Test
|
||||
@@ -2274,7 +2247,6 @@ install_dependencies_only() {
|
||||
# Anwendung deployen
|
||||
deploy_application
|
||||
install_npm_dependencies
|
||||
generate_ssl_certificate
|
||||
|
||||
# Services für manuelles Testen vorbereiten
|
||||
install_systemd_services
|
||||
@@ -2306,8 +2278,8 @@ install_dependencies_only() {
|
||||
log " 🔧 Services: Installiert und gestartet"
|
||||
info ""
|
||||
info "🚀 System bereit für manuelle Tests und Entwicklung!"
|
||||
info "🌐 HTTPS-Backend sollte verfügbar sein: $HTTPS_URL"
|
||||
info "⚙️ Manuelle App-Start Alternative: cd /opt/myp && python3 app.py"
|
||||
info "🌐 HTTP-Backend sollte verfügbar sein: $HTTP_URL"
|
||||
info "⚙️ Manuelle App-Start Alternative: cd /opt/myp && python3 app.py --production"
|
||||
|
||||
# Fehler-Zusammenfassung anzeigen
|
||||
show_error_summary
|
||||
@@ -2330,9 +2302,9 @@ install_dependencies_only() {
|
||||
echo -e " 1. Testen Sie die Anwendung:"
|
||||
echo -e " ${CYAN}cd $APP_DIR && python3 app.py${NC}"
|
||||
echo -e " 2. Oder prüfen Sie den Service:"
|
||||
echo -e " ${CYAN}sudo systemctl status $HTTPS_SERVICE_NAME${NC}"
|
||||
echo -e " ${CYAN}sudo systemctl status $HTTP_SERVICE_NAME${NC}"
|
||||
echo -e " 3. Zugriff über Browser:"
|
||||
echo -e " ${CYAN}$HTTPS_URL${NC}"
|
||||
echo -e " ${CYAN}$HTTP_URL${NC}"
|
||||
echo ""
|
||||
echo -e "${GREEN}✅ System bereit für manuelle Tests!${NC}"
|
||||
echo -e "${GREEN}=================================================================${NC}"
|
||||
@@ -2366,7 +2338,6 @@ install_full_production_system() {
|
||||
install_python_packages
|
||||
deploy_application
|
||||
install_npm_dependencies
|
||||
generate_ssl_certificate
|
||||
else
|
||||
info "Anwendung bereits deployed - überspringe Basis-Installation"
|
||||
# Trotzdem Netzwerk-Sicherheit aktualisieren
|
||||
@@ -2436,7 +2407,7 @@ install_full_production_system() {
|
||||
log " 🖥️ RDP-Zugang: root:744563017196A (Port 3389)"
|
||||
log " 🔒 Firewall: Konfiguriert und aktiv"
|
||||
log " ⚡ Performance: Optimiert für Raspberry Pi"
|
||||
log " 🌐 HTTPS-Backend: $HTTPS_URL"
|
||||
log " 🌐 HTTP-Backend: $HTTP_URL"
|
||||
log " 🛡️ Sicherheit: IPv6 deaktiviert, erweiterte Netzwerk-Sicherheit"
|
||||
info ""
|
||||
success "🚀 Produktionssystem vollständig einsatzbereit!"
|
||||
|
||||
Reference in New Issue
Block a user