ente/infra/services/nginx/README.md

# Nginx

This is a base Nginx service that terminates TLS, and can be used as a reverse
proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
`sudo systemctl reload nginx`.

## Installation

Copy the service definition

```sh
scp services/nginx/nginx.service <instance>:

sudo mv nginx.service /etc/systemd/system/nginx.service
```

Create a directory to house service specific configuration

```sh
sudo mkdir -p /root/nginx/conf.d
```

Add the SSL certificate provided by Cloudflare

```sh
sudo tee /root/nginx/cert.pem
sudo tee /root/nginx/key.pem
```

Tell systemd to pick up new service definition, enable it (so that it
automatically starts on boot going forward), and start it.

```sh
sudo systemctl daemon-reload
sudo systemctl enable --now nginx
```

## Adding a service

When adding new services that sit behind Nginx,

1. Add its nginx conf file to `/root/nginx/conf.d`

2. Restart nginx (`sudo systemctl reload nginx`)

## Configuration files

All the files we put into `/root/nginx/conf.d` get included in an `http` block.
We can see this in the default configuration of nginx:

   http {
       ...
       include /etc/nginx/conf.d/*.conf;
   }

> To view the default configuration, run the following command against the
> [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is
> also what we use:
>
>     docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf

This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
syntax of the configuration files. Alternatively, you can run `docker exec nginx
nginx -t` on the instance to ask nginx to check the configuration.

## Updating configuration

Nginx configuration files can be changed without needing to restart anything.

1. Update the configuration file at `/root/nginx/conf.d/museum.conf`
2. Verify that there are no errors in the configuration by using `sudo docker
   exec nginx nginx -t`.
3. Ask nginx to reload the configuration `sudo systemctl reload nginx`.
Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00			`# Nginx`

Add initial nginx conf 2024-03-18 05:09:39 +00:00			`This is a base Nginx service that terminates TLS, and can be used as a reverse`
Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00			proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
Support nginx configuration reloads 2024-03-18 16:15:02 +00:00			`sudo systemctl reload nginx`.
Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00
			`## Installation`

Update install instructions 2024-03-18 08:00:07 +00:00			`Copy the service definition`

			```sh
			`scp services/nginx/nginx.service <instance>:`

			`sudo mv nginx.service /etc/systemd/system/nginx.service`
			```

Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00			`Create a directory to house service specific configuration`

Tweak formatting 2024-03-18 16:04:24 +00:00			```sh
			`sudo mkdir -p /root/nginx/conf.d`
			```
Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00
			`Add the SSL certificate provided by Cloudflare`

Tweak formatting 2024-03-18 16:04:24 +00:00			```sh
			`sudo tee /root/nginx/cert.pem`
			`sudo tee /root/nginx/key.pem`
			```
Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00
Add initial nginx conf 2024-03-18 05:09:39 +00:00			`Tell systemd to pick up new service definition, enable it (so that it`
			`automatically starts on boot going forward), and start it.`

			```sh
			`sudo systemctl daemon-reload`
			`sudo systemctl enable --now nginx`
			```

Import the base nginx service definition we use 2024-03-17 22:08:51 +00:00			`## Adding a service`

Add initial nginx conf 2024-03-18 05:09:39 +00:00			`When adding new services that sit behind Nginx,`

			1. Add its nginx conf file to `/root/nginx/conf.d`

Support nginx configuration reloads 2024-03-18 16:15:02 +00:00			2. Restart nginx (`sudo systemctl reload nginx`)
Add documentation comments 2024-03-18 10:14:00 +00:00
			`## Configuration files`

			All the files we put into `/root/nginx/conf.d` get included in an `http` block.
			`We can see this in the default configuration of nginx:`

			`http {`
			`...`
			`include /etc/nginx/conf.d/*.conf;`
			`}`

			`> To view the default configuration, run the following command against the`
			`> [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is`
			`> also what we use:`
			`>`
			`> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf`

			`This is a [handy tool](https://nginx-playground.wizardzines.com) to check the`
Support nginx configuration reloads 2024-03-18 16:15:02 +00:00			syntax of the configuration files. Alternatively, you can run `docker exec nginx
			nginx -t` on the instance to ask nginx to check the configuration.
[server] nginx configuration improvements - Use keepalives - Update deprecated http2 syntax - Document how to check config Refs: - https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives - https://github.com/nginxinc/kubernetes-ingress/issues/4237 - https://stackoverflow.com/questions/65944578/how-to-get-nginx-running-in-docker-to-reload-nginx-conf-configuration 2024-04-04 07:00:56 +00:00
			`## Updating configuration`

			`Nginx configuration files can be changed without needing to restart anything.`

			1. Update the configuration file at `/root/nginx/conf.d/museum.conf`
			2. Verify that there are no errors in the configuration by using `sudo docker
			exec nginx nginx -t`.
			3. Ask nginx to reload the configuration `sudo systemctl reload nginx`.