ec2-setup.sh10.2 kB
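#!/bin/bash
################################################################################
# EC2 Instance Setup Script for KYC MCP Server
# This script prepares an EC2 instance for running the KYC MCP Server
# Supports: Amazon Linux 2, Ubuntu 22.04
#
# Optional environment variables:
#   DOCKER_COMPOSE_SHA256  Expected SHA-256 of the docker-compose binary.
#   NODE_EXPORTER_SHA256   Expected SHA-256 of the node_exporter tarball.
#   METRICS_ALLOW_CIDR     Source range allowed to reach port 9090
#                          (default: any source).
################################################################################

set -euo pipefail

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Scratch directory for downloads; created in main and removed on exit.
WORK_DIR=""

# Logging functions. Warnings and errors go to stderr so they survive
# stdout redirection.
log_info() {
    printf '%b[INFO]%b %s\n' "$GREEN" "$NC" "${1-}"
}

log_warn() {
    printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "${1-}" >&2
}

log_error() {
    printf '%b[ERROR]%b %s\n' "$RED" "$NC" "${1-}" >&2
}

# Remove the scratch directory on any exit path.
cleanup() {
    if [[ -n "$WORK_DIR" && -d "$WORK_DIR" ]]; then
        rm -rf -- "$WORK_DIR"
    fi
}

# Print the invoking user's name. $USER can be unset in non-login contexts,
# which would abort the script under `set -u`.
current_user() {
    printf '%s\n' "${USER:-$(id -un)}"
}

# Compare a file's SHA-256 against a pinned value.
# Arguments: $1 - file, $2 - expected digest (may be empty), $3 - label
# Returns:   0 when the digest matches or none was supplied (a warning is
#            logged in that case), 1 on mismatch.
verify_sha256() {
    local file=$1 expected=$2 label=$3 actual
    if [[ -z "$expected" ]]; then
        log_warn "No pinned SHA-256 supplied for ${label}; download integrity not verified"
        return 0
    fi
    actual=$(sha256sum -- "$file" | awk '{print $1}')
    if [[ "${actual,,}" != "${expected,,}" ]]; then
        log_error "SHA-256 mismatch for ${label}"
        return 1
    fi
    log_info "SHA-256 verified for ${label}"
}

# Append a rule to the INPUT chain only if an identical rule is not already
# present, so re-running the script does not pile up duplicates.
ensure_iptables_rule() {
    sudo iptables -C INPUT "$@" 2> /dev/null || sudo iptables -A INPUT "$@"
}

# Set a keyword in /etc/ssh/sshd_config.
# Rewrites the existing line whether it is active or commented out; when the
# keyword is absent it is inserted on line 1, because sshd uses the first
# value it obtains for each keyword and an append could land inside a
# trailing Match block.
set_sshd_option() {
    local key=$1 value=$2 cfg=/etc/ssh/sshd_config
    local pattern="^[[:space:]]*#?[[:space:]]*${key}[[:space:]]"
    if sudo grep -Eq "$pattern" "$cfg"; then
        sudo sed -i -E "s/${pattern}.*/${key} ${value}/" "$cfg"
    else
        sudo sed -i "1i ${key} ${value}" "$cfg"
    fi
}

# Detect OS. Sets the globals OS and VERSION and refuses to continue on
# anything other than the two supported distributions; otherwise every
# later step would be skipped silently and the run would report success.
detect_os() {
    if [ ! -f /etc/os-release ]; then
        log_error "Cannot detect OS"
        exit 1
    fi

    # shellcheck disable=SC1091
    . /etc/os-release
    OS=${ID:-}
    VERSION=${VERSION_ID:-}

    case "$OS" in
        amzn | ubuntu) ;;
        *)
            log_error "Unsupported OS: ${OS:-unknown}"
            exit 1
            ;;
    esac

    log_info "Detected OS: $OS $VERSION"
}

# Update system packages
update_system() {
    log_info "Updating system packages..."

    if [ "$OS" = "amzn" ]; then
        sudo yum update -y
    elif [ "$OS" = "ubuntu" ]; then
        sudo apt-get update
        sudo apt-get upgrade -y
    fi

    log_info "System packages updated"
}

# Install Docker
install_docker() {
    log_info "Installing Docker..."

    if command -v docker &> /dev/null; then
        log_warn "Docker is already installed"
        docker --version
        return 0
    fi

    if [ "$OS" = "amzn" ]; then
        sudo yum install -y docker
        sudo systemctl enable docker
        sudo systemctl start docker
    elif [ "$OS" = "ubuntu" ]; then
        # Install prerequisites
        sudo apt-get install -y \
            ca-certificates \
            curl \
            gnupg \
            lsb-release

        # Add Docker's official GPG key. --batch --yes keeps a re-run from
        # stopping at an overwrite prompt if the keyring already exists.
        sudo mkdir -p /etc/apt/keyrings
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
            | sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
        sudo chmod a+r /etc/apt/keyrings/docker.gpg

        # Set up repository
        echo \
            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
            $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

        # Install Docker Engine
        sudo apt-get update
        sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

        sudo systemctl enable docker
        sudo systemctl start docker
    fi

    # Add current user to docker group.
    # Membership in this group is effectively root on the host (the daemon
    # runs as root and will mount any path), so keep it to the deploy account.
    local run_user
    run_user=$(current_user)
    sudo usermod -aG docker "$run_user"

    log_info "Docker installed successfully"
    docker --version
}

# Install Docker Compose
install_docker_compose() {
    log_info "Installing Docker Compose..."

    if command -v docker-compose &> /dev/null; then
        log_warn "Docker Compose is already installed"
        docker-compose --version
        return 0
    fi

    # Install Docker Compose v2
    DOCKER_COMPOSE_VERSION="v2.24.0"

    # v2 release assets use a lowercase OS name, while `uname -s` prints
    # "Linux"; normalise it so the URL resolves.
    local os_name arch url target
    os_name=$(uname -s | tr '[:upper:]' '[:lower:]')
    arch=$(uname -m)
    url="https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-${os_name}-${arch}"
    target="${WORK_DIR}/docker-compose"

    # -f makes curl fail on an HTTP error instead of saving the error page,
    # which would otherwise be installed as a root-owned "binary".
    curl -fsSL "$url" -o "$target"
    verify_sha256 "$target" "${DOCKER_COMPOSE_SHA256:-}" "docker-compose ${DOCKER_COMPOSE_VERSION}"

    sudo install -m 0755 -o root -g root "$target" /usr/local/bin/docker-compose

    # Create symlink for compatibility
    sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose

    log_info "Docker Compose installed successfully"
    docker-compose --version
}

# Install essential tools
install_tools() {
    log_info "Installing essential tools..."

    if [ "$OS" = "amzn" ]; then
        sudo yum install -y \
            git \
            htop \
            vim \
            curl \
            wget \
            jq \
            nc \
            telnet
    elif [ "$OS" = "ubuntu" ]; then
        sudo apt-get install -y \
            git \
            htop \
            vim \
            curl \
            wget \
            jq \
            netcat \
            telnet
    fi

    log_info "Essential tools installed"
}

# Configure firewall.
# Both branches end in default-deny for inbound traffic with SSH, HTTP,
# HTTPS and the metrics port allowed. Only IPv4 is handled on Amazon Linux.
# Ports published by Docker are NATed by rules Docker manages itself and are
# not filtered by the INPUT chain or by ufw; restrict those in the EC2
# security group or by binding them to 127.0.0.1.
configure_firewall() {
    log_info "Configuring firewall..."

    local metrics_cidr=${METRICS_ALLOW_CIDR:-}
    if [[ -z "$metrics_cidr" ]]; then
        log_warn "Metrics port 9090 will accept any source; set METRICS_ALLOW_CIDR to restrict it"
    fi

    if [ "$OS" = "amzn" ]; then
        # Amazon Linux uses iptables
        sudo yum install -y iptables-services

        # Loopback and replies to connections the host already has open
        ensure_iptables_rule -i lo -j ACCEPT
        ensure_iptables_rule -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

        # Allow SSH
        ensure_iptables_rule -p tcp --dport 22 -j ACCEPT

        # Allow HTTP/HTTPS
        ensure_iptables_rule -p tcp --dport 80 -j ACCEPT
        ensure_iptables_rule -p tcp --dport 443 -j ACCEPT

        # Allow metrics port, restricted to the monitoring range when given
        if [[ -n "$metrics_cidr" ]]; then
            ensure_iptables_rule -p tcp -s "$metrics_cidr" --dport 9090 -j ACCEPT
        else
            ensure_iptables_rule -p tcp --dport 9090 -j ACCEPT
        fi

        # ACCEPT rules alone filter nothing while the chain policy is ACCEPT.
        # Switch to DROP only after the allow rules exist so the current SSH
        # session is not cut.
        sudo iptables -P INPUT DROP

        # Save rules
        sudo service iptables save
        sudo systemctl enable iptables

    elif [ "$OS" = "ubuntu" ]; then
        # Ubuntu uses ufw. Rules are added before the firewall is enabled so
        # there is no window in which SSH is denied.
        sudo ufw default deny incoming
        sudo ufw default allow outgoing

        # Allow SSH
        sudo ufw allow 22/tcp

        # Allow HTTP/HTTPS
        sudo ufw allow 80/tcp
        sudo ufw allow 443/tcp

        # Allow metrics port, restricted to the monitoring range when given
        if [[ -n "$metrics_cidr" ]]; then
            sudo ufw allow from "$metrics_cidr" to any port 9090 proto tcp
        else
            sudo ufw allow 9090/tcp
        fi

        sudo ufw --force enable
        sudo ufw reload
    fi

    log_info "Firewall configured"
}

# Setup log rotation
setup_log_rotation() {
    log_info "Setting up log rotation..."

    # Create log directory
    sudo mkdir -p /var/log/kyc-mcp-server

    # Quoted delimiter: the logrotate stanza is written literally.
    sudo tee /etc/logrotate.d/kyc-mcp-server > /dev/null << 'EOF'
/var/log/kyc-mcp-server/*.log {
    daily
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 root root
    sharedscripts
    postrotate
        docker-compose -f /opt/kyc-mcp-server/docker-compose.yml restart kyc-mcp-server > /dev/null 2>&1 || true
    endscript
}
EOF

    log_info "Log rotation configured"
}

# Install CloudWatch agent
install_cloudwatch_agent() {
    log_info "Installing CloudWatch agent..."

    if [ "$OS" = "amzn" ]; then
        sudo yum install -y amazon-cloudwatch-agent
    elif [ "$OS" = "ubuntu" ]; then
        # Download into the private scratch directory instead of the current
        # directory, which may be shared or not writable.
        # NOTE(review): the package is fetched over HTTPS but its signature
        # is not checked before it is installed as root; verify it against
        # the vendor's published signature when hardening this step. The URL
        # is amd64-only.
        local deb="${WORK_DIR}/amazon-cloudwatch-agent.deb"
        wget -O "$deb" https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
        sudo dpkg -i -E "$deb"
        rm -f -- "$deb"
    fi

    log_info "CloudWatch agent installed"
}

# Install monitoring tools
install_monitoring_tools() {
    log_info "Installing monitoring tools..."

    # Install node_exporter for system metrics
    NODE_EXPORTER_VERSION="1.7.0"

    local release="node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64"
    local tarball="${WORK_DIR}/${release}.tar.gz"

    wget -O "$tarball" "https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/${release}.tar.gz"
    verify_sha256 "$tarball" "${NODE_EXPORTER_SHA256:-}" "node_exporter ${NODE_EXPORTER_VERSION}"

    tar -xzf "$tarball" -C "$WORK_DIR"

    # install(1) sets root ownership explicitly; a plain mv would keep the
    # extracting user's ownership on a binary that systemd runs.
    sudo install -m 0755 -o root -g root "${WORK_DIR}/${release}/node_exporter" /usr/local/bin/node_exporter
    rm -rf -- "${WORK_DIR:?}/${release}" "$tarball"

    # Create systemd service for node_exporter.
    # No listen address is passed, so node_exporter binds its default port
    # on all interfaces; the firewall rules in this script do not open it.
    sudo tee /etc/systemd/system/node_exporter.service > /dev/null << 'EOF'
[Unit]
Description=Node Exporter
After=network.target

[Service]
Type=simple
User=nobody
NoNewPrivileges=true
ExecStart=/usr/local/bin/node_exporter
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

    sudo systemctl daemon-reload
    sudo systemctl enable node_exporter
    sudo systemctl start node_exporter

    log_info "Monitoring tools installed"
}

# Configure swap (recommended for t2/t3 instances)
configure_swap() {
    log_info "Configuring swap space..."

    # Check if swap already exists. The listing is captured first so that
    # grep -q closing the pipe early cannot fail the check under pipefail.
    local active_swap
    active_swap=$(swapon --show)
    if grep -q '/swapfile' <<< "$active_swap"; then
        log_warn "Swap already configured"
        return 0
    fi

    # Create 2GB swap file
    sudo fallocate -l 2G /swapfile
    sudo chmod 600 /swapfile
    sudo mkswap /swapfile
    sudo swapon /swapfile

    # Make swap permanent (skip if an earlier partial run already added it)
    if ! grep -q '^/swapfile[[:space:]]' /etc/fstab; then
        echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
    fi

    # Optimize swap usage
    sudo sysctl vm.swappiness=10
    if ! grep -q '^vm.swappiness=10$' /etc/sysctl.conf; then
        echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
    fi

    log_info "Swap configured (2GB)"
}

# Setup application directory
setup_app_directory() {
    log_info "Setting up application directory..."

    local owner group
    owner=$(current_user)
    # Use the user's real primary group; a group named after the user is
    # not guaranteed to exist.
    group=$(id -gn "$owner")

    sudo mkdir -p /opt/kyc-mcp-server
    sudo chown "${owner}:${group}" /opt/kyc-mcp-server

    log_info "Application directory created: /opt/kyc-mcp-server"
}

# Configure security settings
configure_security() {
    log_info "Configuring security settings..."

    local sshd_config=/etc/ssh/sshd_config
    local backup="${sshd_config}.pre-kyc-setup"

    # Keep a copy so a bad edit can be rolled back before sshd is restarted.
    sudo cp -p "$sshd_config" "$backup"

    # Disable root SSH login
    set_sshd_option PermitRootLogin no

    # Disable password authentication (key-only)
    set_sshd_option PasswordAuthentication no

    # Validate before restarting: a restart with a broken config can leave
    # the instance without SSH access.
    if ! sudo sshd -t; then
        log_error "sshd_config failed validation; restoring previous file"
        sudo cp -p "$backup" "$sshd_config"
        exit 1
    fi

    # Restart SSH
    sudo systemctl restart sshd

    # Confirm the values sshd actually resolved. An Include'd drop-in that
    # is read before these lines takes precedence over them.
    local effective setting
    effective=$(sudo sshd -T 2> /dev/null || true)
    for setting in "permitrootlogin no" "passwordauthentication no"; do
        if ! grep -qix -- "$setting" <<< "$effective"; then
            log_warn "Effective sshd setting is not '${setting}'; check /etc/ssh/sshd_config.d/ for overrides"
        fi
    done

    # Set up automatic security updates
    if [ "$OS" = "ubuntu" ]; then
        sudo apt-get install -y unattended-upgrades
        # NOTE(review): this may prompt when run on a terminal - confirm it
        # behaves as intended in unattended runs.
        sudo dpkg-reconfigure -plow unattended-upgrades
    fi

    log_info "Security settings configured"
}

# Install SSL certificate tools
install_ssl_tools() {
    log_info "Installing SSL certificate tools..."

    if [ "$OS" = "amzn" ]; then
        sudo yum install -y certbot python3-certbot-nginx
    elif [ "$OS" = "ubuntu" ]; then
        sudo apt-get install -y certbot python3-certbot-nginx
    fi

    log_info "SSL tools installed"
}

# Main execution
main() {
    log_info "Starting EC2 instance setup for KYC MCP Server..."

    WORK_DIR=$(mktemp -d)
    trap cleanup EXIT

    detect_os
    update_system
    install_docker
    install_docker_compose
    install_tools
    configure_firewall
    setup_log_rotation
    install_cloudwatch_agent
    install_monitoring_tools
    configure_swap
    setup_app_directory
    configure_security
    install_ssl_tools

    log_info "=========================================="
    log_info "EC2 instance setup completed successfully!"
    log_info "=========================================="
    log_info ""
    log_info "Next steps:"
    log_info "1. Log out and log back in for Docker group changes to take effect"
    log_info "2. Clone your repository to /opt/kyc-mcp-server"
    log_info "3. Configure environment variables in .env file"
    log_info "4. Run the deployment script: ./deploy/deploy.sh"
    log_info ""
    log_info "Note: You may need to reboot the instance for all changes to take effect"
}

# Run main function
main "$@"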
