# Remote Approver

```
 /$$                     /$$       /$$   /$$       
|__/                    | $$      |__/  | $$       
 /$$ /$$$$$$$   /$$$$$$ | $$$$$$$  /$$ /$$$$$$     
| $$| $$__  $$ |____  $$| $$__  $$| $$|_  $$_/     
| $$| $$  \ $$  /$$$$$$$| $$  \ $$| $$  | $$       
| $$| $$  | $$ /$$__  $$| $$  | $$| $$  | $$ /$$   
| $$| $$  | $$|  $$$$$$$| $$$$$$$/| $$  |  $$$$//$$
|__/|__/  |__/ \_______/|_______/ |__/   \___/ |__/
```

Production-ready CLI for configuring and running the Inabit Remote Approver with Docker and nginx.

Current version: v0.1.3

## What you get

* Guided setup wizard (validates token, configures URL/ports, generates nginx.conf)
* Automatic nginx and Docker Compose configuration
* HTTPS support with auto-detected certificates (PEM or CRT/KEY)
* Health checks and smart troubleshooting
* One-command cleanup and uninstall

## Install (production)

Clone the release repository on your remote instance and run the installer:

{% tabs %}
{% tab title="Current user (no sudo)" %}

```bash
# Clone the release bundle (contains installer + docker-compose.yml)
git clone https://your-release-repo-url.git approver-cli
cd approver-cli

# Install as current user (no sudo needed)
bash inabit-cli-installation-v1.0.sh
```

{% endtab %}

{% tab title="System-wide (requires sudo)" %}

```bash
# Clone the release bundle (contains installer + docker-compose.yml)
git clone https://your-release-repo-url.git approver-cli
cd approver-cli

# Install system-wide (requires sudo)
sudo bash inabit-cli-installation-v1.0.sh
```

{% endtab %}
{% endtabs %}

After installation, the global command `inabit` is available.

## Quick start

```bash
# Run the guided setup
inabit setup

# Check status / logs
inabit status
inabit logs

# Manage services
inabit restart
inabit stop
inabit start

# Cleanup everything created by setup (keeps Docker images)
inabit cleanup

# Uninstall the CLI and remove the global "inabit" command
inabit uninstall

# For system-wide installs, use: sudo inabit uninstall
```

## Setup flow (overview)

{% stepper %}
{% step %}

### Start setup

Run:

```bash
inabit setup
```

This begins the guided wizard.
{% endstep %}

{% step %}

### Validate login token

The wizard validates the provided token and obtains an access token.
{% endstep %}

{% step %}

### Configure service port

Default approver service port: 3020.
{% endstep %}

{% step %}

### Choose network approach

Select one of:

* Domain
* IP + Port
  {% endstep %}

{% step %}

### Domain flow

When using a domain:

* Choose HTTP (80) or HTTPS (443)
* Generates `nginx.conf`
* Auto-updates docker-compose ports
* Detects SSL files in `./ssl` (PEM or CRT/KEY)
  {% endstep %}

{% step %}

### IP + Port flow

When using IP + Port:

* Generates `nginx.conf` with a single `server { listen <custom>; }`
* Proxy to `approver:${APPROVER_PORT}`
* Compose port exposed automatically: `<custom>:<custom>`
  {% endstep %}

{% step %}

### Validate external URL

Wizard performs a health check to validate external accessibility.
{% endstep %}

{% step %}

### Create directories and configuration

Wizard creates required directories and configuration files.
{% endstep %}

{% step %}

### Start services

Starts nginx, then starts the approver service.
{% endstep %}

{% step %}

### Verify accessibility

Wizard verifies the service is reachable and healthy.
{% endstep %}

{% step %}

### Pairing

Shows pairing code and instructions to complete setup.
{% endstep %}
{% endstepper %}

{% hint style="info" %}
During setup, HTTP 403 from curl can be normal if Cloudflare or similar blocks non-browser requests; browsers should still work. The wizard treats 403/502/503 as acceptable during early startup while the approver initializes.
{% endhint %}

## Nginx in production (what the wizard configures)

* Domain
  * Port 80 (HTTP): `server { listen 80; }` that proxies to `approver:${APPROVER_PORT}`
  * Port 443 (HTTPS):
    * `listen 80;` redirects HTTP to HTTPS
    * `listen 443 ssl; http2 on;` uses detected cert/key under `/etc/nginx/ssl/`
  * Docker Compose ports exposed automatically: `80:80` and `443:443`
* IP + Port
  * Single `server { listen <custom>; }` with proxy to `approver:${APPROVER_PORT}`
  * Compose port exposed automatically: `<custom>:<custom>`

Supported certificate pairs to place in local `ssl/`:

* `cert.pem` + `key.pem`
* `cert.crt` + `key.key`
* `server.crt` + `server.key`
* `domain.crt` + `domain.key`

## Project structure (for reference)

```
release/
├── inabit-cli-installation-v1.0.sh   # Installer
├── docker-compose.yml                # Docker services configuration
└── README.md
```

## Prerequisites

{% hint style="warning" %}
Required on the host where you install the CLI:

* Docker
* Docker Compose
* Bash shell
  {% endhint %}

## Troubleshooting

<details>

<summary>Common commands (click to expand)</summary>

```bash
# Status / Logs
inabit status
inabit logs

# Restart / Cleanup
inabit restart
inabit cleanup
```

</details>

## License

This project is part of the Inabit Remote Approver service.