#!/bin/bash
# =============================================================================
# WOOO TECH - SSL 證書設定腳本
# 用於 UAT Server (192.168.0.110)
# =============================================================================

set -e

echo "🔐 開始申請 SSL 證書..."

# 1. 為所有域名申請 SSL 證書
sudo certbot certonly --nginx -d monitor.wooo.work --non-interactive --agree-tos -m admin@wooo.work
sudo certbot certonly --nginx -d gitlab.wooo.work --non-interactive --agree-tos -m admin@wooo.work
sudo certbot certonly --nginx -d cloud.wooo.work --non-interactive --agree-tos -m admin@wooo.work

echo "✅ SSL 證書申請完成"

# 2. 備份現有 nginx 配置
echo "📦 備份現有配置..."
sudo cp /etc/nginx/sites-available/monitor /etc/nginx/sites-available/monitor.bak.$(date +%Y%m%d)

# 3. 複製新配置
echo "📝 更新 nginx 配置..."
sudo cp /home/wooo/momo_pro_system/k8s/nginx/monitor.conf /etc/nginx/sites-available/monitor

# 4. 測試配置
echo "🧪 測試 nginx 配置..."
sudo nginx -t

# 5. 重載 nginx
echo "🔄 重載 nginx..."
sudo systemctl reload nginx

echo ""
echo "✅ 完成！現在可以透過 HTTPS 訪問："
echo "   - https://monitor.wooo.work/"
echo "   - https://gitlab.wooo.work/"
echo "   - https://cloud.wooo.work/"
echo ""
echo "📊 監控入口頁面路徑："
echo "   - /grafana/      → Docker Grafana (3000)"
echo "   - /k8s-grafana/  → K8s Grafana (30030)"
echo "   - /prometheus/   → Prometheus (9090)"
echo "   - /portainer/    → Portainer (9000)"
echo "   - /n8n/          → n8n (5678)"
echo "   - /pgadmin/      → pgAdmin (8088)"