
@ctrl-freak
Last active January 13, 2022 10:15
Install n8n.io and PostgreSQL on Docker on Oracle Cloud Ubuntu, protected by Auth0
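# This is a string of commands, not a developed script.
# Console steps (Oracle Cloud web console, before logging in to the instance):
# Create Instance
# Attach Block Storage
# Add a public IP to the NIC
# Edit the Instance > Virtual Cloud Network > Security Lists > Default Security Lists
# Add ingress rules for port 80 and 443
# May want to open 5678 for testing. Remove that ingress rule again afterwards:
# anything that reaches n8n on 5678 directly has not passed the Auth0 check
# that the reverse proxy enforces.
#
# Become root first. Variables assigned before `sudo -s` live in the calling
# shell and are not visible in the root shell it starts, so the assignments
# come after it.
sudo -s
# Set a password to be used for the PostgreSQL authentication.
# Fill in POSTGRES_PASSWORD with a long random value before going further.
# NOTE(review): with an empty value, official postgres images of this age are
# understood to start with password-less access - confirm against the image
# documentation rather than relying on the container network alone.
# A value typed here also lands in the root shell history.
POSTGRES_USER='n8n'
POSTGRES_PASSWORD=''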
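# Format Block Storage
# List the disks and confirm which device is the newly attached, empty block
# volume. Everything below assumes /dev/sdb and destroys whatever is on it.
fdisk -l
# Interactive: create one partition spanning the volume (becomes /dev/sdb1)
fdisk /dev/sdb
mkfs.ext4 /dev/sdb1
# Print the filesystem UUID. Referencing the UUID in fstab keeps the mount
# correct even if the kernel names the device differently after a reboot.
blkid /dev/sdb1
# Interactive: add an entry that mounts the new filesystem on /data, e.g.
# (constructed example, substitute the UUID printed above):
#   UUID=<uuid-from-blkid> /data ext4 defaults,nofail 0 2
# nofail lets the instance finish booting if the volume is detached.
vim /etc/fstab
# The mount point has to exist before `mount /data` can use the fstab entry
mkdir -p /data
mount /data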
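# Create small swap, swappiness=1
# free -h
sudo fallocate -l 1G /swapfile
# Root-only access: swap can hold memory pages of any process
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# sudo swapon --show
# free -h
# Append the fstab entry only if it is not already present, so running these
# commands a second time does not leave duplicate lines behind.
grep -qxF '/swapfile none swap sw 0 0' /etc/fstab || echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
# cat /etc/fstab
# cat /proc/sys/vm/swappiness
# Apply now, then persist across reboots (same duplicate guard as above)
sudo sysctl vm.swappiness=1
grep -qxF 'vm.swappiness=1' /etc/sysctl.conf || echo 'vm.swappiness=1' | sudo tee -a /etc/sysctl.conf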
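# Disable services and open the web ports in iptables
update-rc.d nfs-common disable
update-rc.d rpcbind disable
systemctl stop rpcbind
systemctl stop nfs-common
# Back up rules
iptables-save > ~/iptables-rules
# Allow only what the reverse proxy needs (HTTP for the certificate challenge
# and redirect, HTTPS for the site). The rules the image ships with are left
# in place as a second layer behind the cloud Security List; setting every
# policy to ACCEPT and flushing the tables would remove that layer entirely.
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
# Review the resulting chain
iptables -S INPUT
# These rules are in memory only. Persist them with whatever mechanism the
# image uses (on images that ship netfilter-persistent: `netfilter-persistent save`),
# otherwise the ports close again at the next reboot.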
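apt update
apt upgrade
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common vim -y
# Store Docker's signing key in its own keyring and bind it to the Docker
# repository with signed-by. A key added through apt-key is trusted for every
# configured repository, and apt-key itself is deprecated.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
# Print the fingerprint (it ends in 0EBFCD88) and compare the full value with
# the one published in Docker's installation documentation before continuing.
gpg --show-keys --fingerprint /etc/apt/keyrings/docker.asc
# Register the repository; without this step apt has no source for docker-ce
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io -y
# -f: succeed if the package already created the group
groupadd -f docker
# Inside a `sudo -s` shell $USER is normally root, so prefer the invoking user.
# Membership of the docker group is equivalent to root on this host; add only
# accounts that are meant to have that.
usermod -aG docker "${SUDO_USER:-$USER}"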
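# Both variables must be set in THIS shell. Stop here if either line below
# prints an error: an interactive shell reports it but keeps accepting the
# following commands, and the database would then start without a usable password.
: "${POSTGRES_USER:?set POSTGRES_USER in this shell first}"
: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in this shell first}"
docker network create -d bridge internal
# PostgreSQL 11.5 is required, otherwise a missing column error occurs
# --network has to come before the image name; anything after the image is
# handed to the postgres process instead of to docker. No port is published,
# so the database is reachable only from containers on the internal network.
# Values passed with -e remain visible in `docker inspect` and shell history;
# an --env-file readable only by root keeps them out of the history.
docker run --name postgres --network internal \
  -e POSTGRES_PASSWORD="$POSTGRES_PASSWORD" -e POSTGRES_USER="$POSTGRES_USER" \
  -v /data/postgres-n8n:/var/lib/postgresql/data \
  -d postgres:11.5 -c 'listen_addresses="*"'
# n8n joins the same network so the host name "postgres" resolves.
# The port is published on loopback only: Apache proxies to localhost:5678,
# and a port published on all interfaces would let clients reach n8n without
# passing the Auth0 check. Consider pinning n8nio/n8n to a specific version
# tag so a later re-run does not silently pull a different release.
docker run --name n8n --network internal -d -p 127.0.0.1:5678:5678 -v /data/n8n:/root/.n8n \
  -e DB_TYPE=postgresdb -e DB_POSTGRESDB_DATABASE="$POSTGRES_USER" \
  -e DB_POSTGRESDB_HOST=postgres -e DB_POSTGRESDB_PORT=5432 \
  -e DB_POSTGRESDB_USER="$POSTGRES_USER" -e DB_POSTGRESDB_PASSWORD="$POSTGRES_PASSWORD" \
  n8nio/n8n
# Confirm both containers showing on internal network
docker network inspect internal
# Can test on port 5678 at this point, from the instance itself or through an
# SSH tunnel (ssh -L 5678:localhost:5678 <user>@<instance-ip>)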
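# Set up reverse proxy with SSL
# Authentication is enforced by Apache only. n8n itself must not be reachable
# from outside on 5678, or requests can skip the Auth0 login.
apt install apache2 libapache2-mod-auth-openidc libapache2-mod-proxy certbot -y
a2enmod proxy
a2enmod ssl
a2enmod proxy_http
a2enmod ext_filter
a2enmod substitute
systemctl restart apache2
cd /etc/apache2/sites-available/
cp 000-default.conf reverse-proxy.conf
# The file will hold OIDCClientSecret and OIDCCryptoPassphrase. The copy
# inherits the world-readable mode of 000-default.conf, so restrict it to
# root; Apache reads its configuration as root at start-up.
chmod 600 reverse-proxy.conf
# Edit conf file, set up Auth0 attributes and AuthType Require
vim reverse-proxy.conf
# OIDCProviderMetadataURL
# OIDCProviderAuthorizationEndpoint
# OIDCClientID
# OIDCClientSecret
# OIDCScope "openid email profile"
# OIDCRedirectURI https://
# OIDCCryptoPassphrase <long random value, e.g. the output of: openssl rand -hex 32>
#   (this passphrase protects the session cookie and cache contents; a short
#   or guessable sample value must not be used on a real host)
# OIDCCookiePath /
# OIDCSessionInactivityTimeout 28800
#
# <Location />
# AuthType openid-connect
# Require valid-user
# </Location>
#
# LimitRequestFieldSize 16380
# ProxyPass / http://localhost:5678/
# ProxyPassReverse / http://localhost:5678/
a2ensite reverse-proxy.conf
# NOTE(review): certbot needs its Apache plugin to edit the vhost; on Ubuntu
# that is a separate package (python3-certbot-apache on recent releases) -
# confirm it is installed if certbot reports no installer.
certbot
# NOTE(review): 000-default stays enabled next to reverse-proxy.conf; confirm
# with `apache2ctl -S` that the protected vhost is the one answering requests.
# Still issues with sessions being remembered, HTTP 400 after a period of inactivity
# Have tried:
# sudo a2enmod session_cookie
# Session On
# SessionCookieName session path=/
# LimitRequestFieldSize 16380
# OIDCSessionInactivityTimeout 28800
# Fixed, but unsure what did it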