#!/bin/bash

LOCAL_PEM_PATH="/c/Users/olezk/Desktop/mykey.pem"
USERNAME="ubuntu"
DOMAIN="healthai-tuke.com"
CERT_ARCHIVE_PATH="/c/Users/olezk/Desktop/healthai-certs.tar.gz"
SERVER_IP="52.51.10.99"  # Elastic IP


echo "Removing old known_hosts entry..."
ssh-keygen -R "$SERVER_IP" 2>/dev/null


if [ ! -f "$CERT_ARCHIVE_PATH" ]; then
  echo "Certificate archive not found: $CERT_ARCHIVE_PATH"
  exit 1
fi


echo "Copying certificate archive to server $SERVER_IP..."
scp -i "$LOCAL_PEM_PATH" "$CERT_ARCHIVE_PATH" "$USERNAME@$SERVER_IP:~/"


echo "Configuring Nginx and SSL..."

ssh -i "$LOCAL_PEM_PATH" -o StrictHostKeyChecking=no "$USERNAME@$SERVER_IP" <<EOF
  set -e

  sudo apt update
  sudo apt install -y nginx

  # Unpack certificates
  sudo tar xzvf ~/healthai-certs.tar.gz -C /

  # Remove old config if exists
  sudo rm -f /etc/nginx/sites-available/$DOMAIN
  sudo rm -f /etc/nginx/sites-enabled/$DOMAIN

  # Create new HTTPS config
 # Create new HTTPS config
sudo tee /etc/nginx/sites-available/$DOMAIN > /dev/null <<'NGINX'
server {
    listen 80;
    server_name healthai-tuke.com www.healthai-tuke.com;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name healthai-tuke.com www.healthai-tuke.com;

    ssl_certificate /etc/letsencrypt/live/healthai-tuke.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/healthai-tuke.com/privkey.pem;

    location /api/ {
        proxy_pass http://localhost:5000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
    }

    location / {
        proxy_pass http://localhost:5173;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        try_files \$uri \$uri/ /index.html;
    }
}
NGINX



  sudo ln -s /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled/
  sudo nginx -t && sudo systemctl restart nginx
EOF


echo "Checking if https://$DOMAIN is available..."
curl -I --connect-timeout 5 https://$DOMAIN

echo "Server is ready with HTTPS at https://$DOMAIN"