Running the In-Place Upgrade Script
Overview
This article goes over how to run the in-place upgrade script to upgrade to version 3.004.06.
Note: This script applies only to users already on version 3.x who want to upgrade to the latest version. Version 2.x users who would like to upgrade to the latest version can follow the migration guide.
Important Mentions
Our recommended approach for upgrading to a new version of SFTP Gateway is to spin up a new SFTP Gateway instance and import your Users & Settings into the new instance using a Backup file. You can export a new Backup file under Settings ---> Backup & Recovery ---> Export Backup File. For more information on our recommended upgrade process, check out this article.
We've created this script for user convenience, but the safest approach would be the method mentioned above. Before running the script, we would highly recommend creating a new Backup File containing your Users & Settings.
Additionally, if you used LetsEncrypt to create an SSL cert, make sure to edit the website.conf file to include your hostname, as the script will install a new website.conf file during the upgrade. Check out the Troubleshooting section of the LetsEncrypt article to see what the website.conf file should look like for you.
If you run the script and become stuck at the "Please wait while SFTP Gateway finishes setting up" loading screen, contact us at support@thorntech.com and send us the most recent application log (the date is included in the file name):
/opt/sftpgw/log/application-2023-12-11.log
Running the Script
SSH into the VM and run this command to elevate your privileges:
sudo su
If you have run the in-place upgrade script before, make sure you're in a different directory than where you previously ran it. You can run this command to create a new directory and move into it:
mkdir 346-upgrade
cd 346-upgrade
Next, run a wget command to download the script:
wget https://thorntech-products.s3.amazonaws.com/sftpgateway/3.004.06/in-place-upgrade.sh
Give the script execute permissions:
chmod +x in-place-upgrade.sh
Finally, run the script:
./in-place-upgrade.sh
When you refresh your Web Admin UI you should now see an updated UI and version at the bottom.
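The script listed on this page runs under set -xe, so a failing command halts it before later steps such as restoring the postgres login shell. The following checks are an added example, not part of the vendor's script; the function names are illustrative, the paths are passed as arguments, and the fixture values in demo are constructed.

```shell
#!/bin/bash
# Added example, not part of the vendor script. check_upgrade, report and demo
# are illustrative names; paths are arguments so the checks can be dry-run.
# On the VM: check_upgrade /opt/sftpgw/application.properties \
#   /etc/systemd/system/sftpgw-admin-api.service /etc/passwd 3.4.6

report() { echo "$1"; findings=$((findings + 1)); }  # bumps the caller's local

# Prints one finding per line; returns the number of findings (0 = clean).
check_upgrade() {
  local props=$1 unit=$2 passwd=$3 version=$4 findings=0 count shell

  # The script deletes and re-appends security.jwt.secret: expect exactly one.
  count=$(grep -c '^security\.jwt\.secret=' "$props" 2>/dev/null || true)
  [ "${count:-0}" -eq 1 ] || report "jwt: ${count:-0} security.jwt.secret lines, expected 1"

  # sed -i.bak leaves a copy of the properties file, secrets included.
  [ -z "$(find "$props.bak" -perm -004 2>/dev/null)" ] || report "backup: $props.bak is world-readable"

  # The unit must start the jar for the target version.
  grep -qF "sftpgateway-admin-api-${version}.jar" "$unit" || report "unit: not pointing at the ${version} jar"

  # TimeoutSec is appended to line 15 by position; it must end up on its own line.
  grep -qx 'TimeoutSec=900' "$unit" || report "unit: TimeoutSec=900 is not on its own line"

  # postgres gets /bin/bash at the start; set -e can halt before it is reverted.
  shell=$(awk -F: '$1 == "postgres" { print $7 }' "$passwd")
  [ "$shell" != "/bin/bash" ] || report "postgres: login shell is still /bin/bash"

  return "$findings"
}

# Constructed fixtures that mimic a run halted before the script's last line.
demo() {
  local d rc=0
  d=$(mktemp -d)
  printf 'security.client-id=x\nsecurity.jwt.secret=CONSTRUCTED\n' > "$d/app.properties"
  cp "$d/app.properties" "$d/app.properties.bak"; chmod 644 "$d/app.properties.bak"
  printf '[Service]\nExecStart=/opt/sftpgw/sftpgateway-admin-api-3.4.6.jar\nRestart=alwaysTimeoutSec=900\n' > "$d/unit"
  printf 'postgres:x:26:26::/var/lib/pgsql:/bin/bash\n' > "$d/passwd"
  check_upgrade "$d/app.properties" "$d/unit" "$d/passwd" 3.4.6 || rc=$?
  rm -rf "$d"
  return "$rc"
}
```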
Here are the contents of the script for reference:
#!/bin/bash
#
# Preparation
#
# Show debug output, and halt on errors
set -xe
# Must run script as root, or else show usage
if [[ $(whoami) != "root" ]]; then
  echo "Usage: sudo $0"
  exit 1
fi
function extractPropValueFromSourceFile {
  local prefix="${1}"
  local str=`grep "${prefix}" ${2} 2>/dev/null`
  echo "${str#$prefix}" | xargs
}
# If on version 2, exit script as the command sftpgw version is only on version 2.x
command -v sftpgw version >/dev/null && exit
# Set target version
TARGET_VERSION="3.4.6"
TARGET_VERBOSE_VERSION="3.004.06"
# Set date
TODAY=$(date +"%m%d%Y")
APPLICATION_PROPERTIES="/opt/sftpgw/application.properties"
# Determine the cloud provider
AWS_DOMAIN=$(curl -s "http://169.254.169.254/latest/meta-data/services/domain")
AZURE_DOMAIN=$(curl --noproxy "*" -H 'Metadata: True' "http://169.254.169.254/metadata/instance/compute/azEnvironment?api-version=2019-06-01&format=text")
CLOUD_PROVIDER=gcp
[[ $AWS_DOMAIN == "amazonaws.com" ]] && CLOUD_PROVIDER=aws
[[ $AZURE_DOMAIN == "AzurePublicCloud" ]] && CLOUD_PROVIDER=azure
# Determine operating system and Nginx user
if getent passwd www-data > /dev/null 2>&1; then
  OS=ubuntu
  NGINX_USER=www-data
  NGINX_CONF_PATH="/etc/nginx/sites-available"
else
  OS=centos
  NGINX_USER=nginx
  NGINX_CONF_PATH="/etc/nginx/conf.d"
fi
function generate_password() {
  local length=${1:-16}
  echo -n "$(
    head /dev/urandom | tr -dc A-Z0-9 | head -c $length
    echo ''
  )"
}
function set_jwt_secret_in_application_properties() {
  local jwt_secret=${1}
  echo "Remove any existing security.jwt.secret property"
  sudo sed -i.bak '/^security\.jwt\.secret=/d' ${APPLICATION_PROPERTIES}
  echo "Setting security.jwt.secret"
  echo -e "security.jwt.secret=$jwt_secret" | sudo tee -a ${APPLICATION_PROPERTIES}
}
function synchronize_jwt_secret() {
  local property1_key='jwt_secret'
  local property1_value=$OAUTH_JWT_SECRET
  read -r -d '' SQL_COMMAND <<EOF
WITH old AS (
  SELECT
    key,
    value
  FROM properties
  WHERE application = 'sftpgateway'
    AND profile = ''
    AND label = ''
    AND (key = '$property1_key')
),
new AS (
  INSERT INTO properties (application, profile, label, key, value)
  VALUES ('sftpgateway', '', '', '$property1_key', '${property1_value}')
  ON CONFLICT DO NOTHING
  RETURNING key, value
)
SELECT
  key,
  value
FROM new
UNION ALL
SELECT
  key,
  value
FROM old
order by key;
EOF
  RESULTS=$(sudo -i -u postgres psql --command="$SQL_COMMAND" -Xt -d sftpgw)
  SAVED_OAUTH_JWT_SECRET=$(echo "$RESULTS" | cut -d'|' -f 2 | xargs)
  if [[ "$SAVED_OAUTH_JWT_SECRET" != "$OAUTH_JWT_SECRET" ]]; then
    echo "Existing JWT Secret found in database"
    set_jwt_secret_in_application_properties "$SAVED_OAUTH_JWT_SECRET"
    sudo systemctl restart sftpgw-admin-api
  fi
}
## Make proper database changes
sudo chsh -s /bin/bash postgres || echo ""
sudo -i -u postgres psql -d sftpgw -c "update databasechangelog set md5sum = null;"
sudo -i -u postgres psql -d sftpgw -c "TRUNCATE TABLE oauth_access_token;"
OAUTH_JWT_SECRET=$(generate_password 128)
set_jwt_secret_in_application_properties "$OAUTH_JWT_SECRET"
if ! grep -e "server.forward-headers-strategy=" ${APPLICATION_PROPERTIES}; then
  echo -e "server.forward-headers-strategy=framework" | sudo tee -a ${APPLICATION_PROPERTIES}
fi
if ! grep -e "security.redirect.base-path=" ${APPLICATION_PROPERTIES}; then
  echo -e "security.redirect.base-path=backend/" | sudo tee -a ${APPLICATION_PROPERTIES}
fi
#
# Install SFTP Gateway files
#
# Download public resources
wget https://thorntech-products.s3.amazonaws.com/sftpgateway/${TARGET_VERBOSE_VERSION}/assets.zip
unzip assets.zip
# Install Java files
# jar
cd assets
chmod +x sftpgateway-admin-api-${TARGET_VERSION}.jar
chown sftpgw:sftpgw sftpgateway-admin-api-${TARGET_VERSION}.jar
mv sftpgateway-admin-api-${TARGET_VERSION}.jar /opt/sftpgw/
# conf
chown sftpgw:sftpgw sftpgateway-admin-api-${TARGET_VERSION}.conf
mv sftpgateway-admin-api-${TARGET_VERSION}.conf /opt/sftpgw/
chown ${NGINX_USER}:${NGINX_USER} website.conf
mv ${NGINX_CONF_PATH}/website.conf ${NGINX_CONF_PATH}/website.conf-${TODAY}
mv website.conf ${NGINX_CONF_PATH}
# Install website files
mv admin-ui.tar.gz /usr/share/nginx
cd /usr/share/nginx
mv admin-ui admin-ui-${TODAY}
tar xzvpf admin-ui.tar.gz && rm -f $_
chown -R ${NGINX_USER}:${NGINX_USER} admin-ui
# Populate the application properties file
CLIENT_ID=$(extractPropValueFromSourceFile "security.client-id=" ${APPLICATION_PROPERTIES})
CLIENT_SECRET=$(extractPropValueFromSourceFile "security.client-secret=" ${APPLICATION_PROPERTIES})
(
cat <<EOF
window._env_ = {
"clientid": "$CLIENT_ID",
"clientsecret": "$CLIENT_SECRET",
"cloudProvider": "$CLOUD_PROVIDER",
"version": "$TARGET_VERSION"
};
EOF
) | sudo tee /usr/share/nginx/admin-ui/webconfig.js
cd admin-ui
chown -R ${NGINX_USER}:${NGINX_USER} webconfig.js
# Update the version
service sftpgw-admin-api stop
cd /etc/systemd/system/
cp -a sftpgw-admin-api.service sftpgw-admin-api.service-${TODAY}
sed -i "s/sftpgateway-admin-api-.*.jar/sftpgateway-admin-api-${TARGET_VERSION}.jar/" sftpgw-admin-api.service
sed -i "s/e.activeVersion/\"${TARGET_VERSION}\"/" /usr/share/nginx/admin-ui/static/js/main.*.chunk.js
sed -i "s/3.*/${TARGET_VERSION}/" /etc/profile.d/login-info.sh
sed -i '15s/$/TimeoutSec=900/' /etc/systemd/system/sftpgw-admin-api.service
# Restart Nginx
nginx -t && service nginx restart
# Restart Java
systemctl daemon-reload
service sftpgw-admin-api start
synchronize_jwt_secret
sudo chsh -s /sbin/nologin postgres || echo ""