diff --git a/infra/services/nginx/README.md b/infra/services/nginx/README.md index 6d46b4de1..7239a5610 100644 --- a/infra/services/nginx/README.md +++ b/infra/services/nginx/README.md @@ -2,7 +2,7 @@ This is a base Nginx service that terminates TLS, and can be used as a reverse proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and -`sudo systemctl restart nginx`. +`sudo systemctl reload nginx`. ## Installation @@ -16,12 +16,16 @@ sudo mv nginx.service /etc/systemd/system/nginx.service Create a directory to house service specific configuration - sudo mkdir -p /root/nginx/conf.d +```sh +sudo mkdir -p /root/nginx/conf.d +``` Add the SSL certificate provided by Cloudflare - sudo tee /root/nginx/cert.pem - sudo tee /root/nginx/key.pem +```sh +sudo tee /root/nginx/cert.pem +sudo tee /root/nginx/key.pem +``` Tell systemd to pick up new service definition, enable it (so that it automatically starts on boot going forward), and start it. @@ -37,7 +41,7 @@ When adding new services that sit behind Nginx, 1. Add its nginx conf file to `/root/nginx/conf.d` -2. Restart nginx (`sudo systemctl restart nginx`) +2. Restart nginx (`sudo systemctl reload nginx`) ## Configuration files @@ -56,4 +60,5 @@ We can see this in the default configuration of nginx: > docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf This is a [handy tool](https://nginx-playground.wizardzines.com) to check the -syntax of the configuration files. +syntax of the configuration files. Alternatively, you can run `docker exec nginx +nginx -t` on the instance to ask nginx to check the configuration. diff --git a/infra/services/nginx/nginx.service b/infra/services/nginx/nginx.service index 4f772d38d..958bb6e06 100644 --- a/infra/services/nginx/nginx.service +++ b/infra/services/nginx/nginx.service 
@@ -2,6 +2,7 @@ Documentation=https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ Requires=docker.service After=docker.service +Requires=nginx.service [Install] WantedBy=multi-user.target @@ -17,3 +18,4 @@ ExecStart=docker run --name nginx \ -v /root/nginx/key.pem:/etc/ssl/private/key.pem:ro \ -v /root/nginx/conf.d:/etc/nginx/conf.d:ro \ nginx +ExecReload=docker exec nginx nginx -s reload diff --git a/infra/services/status/README.md b/infra/services/status/README.md new file mode 100644 index 000000000..78d12001e --- /dev/null +++ b/infra/services/status/README.md @@ -0,0 +1,43 @@ +# Status + +Our status page ([status.ente.io](https://status.ente.io)) is a self-hosted +[Uptime Kuma](https://github.com/louislam/uptime-kuma). + +## Installing + +Install [nginx](../nginx/README.md). + +Create a directory where Uptime Kuma will keep its state. This is the directory +we can optionally backup if we wish to preserve history and settings when moving +instances in the future. + +```sh +sudo mkdir -p /root/uptime-kuma +``` + +Add the service definition and nginx configuration. + +```sh +scp services/status/uptime-kuma.* : + +sudo mv uptime-kuma.service /etc/systemd/system/ +sudo mv uptime-kuma.nginx.conf /root/nginx/conf.d +``` + +Tell systemd to pick up new service definitions, enable the unit (so that it +automatically starts on boot), and start it this time around. + +```sh +sudo systemctl daemon-reload +sudo systemctl enable --now uptime-kuma +``` + +Tell nginx to pick up the new configuration. + +```sh +sudo systemctl reload nginx +``` + +## Administration + +Login into the [dashboard](https://status.ente.io/dashboard) for administration. diff --git a/infra/services/status/uptime-kuma.nginx.conf b/infra/services/status/uptime-kuma.nginx.conf new file mode 100644 index 000000000..c45c7b660 --- /dev/null +++ b/infra/services/status/uptime-kuma.nginx.conf 
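Review bot: The added `Requires=nginx.service` sits in the `[Unit]` section of infra/services/nginx/nginx.service itself, so the unit declares a dependency on itself. As far as I know systemd drops a self-referencing dependency, so the line has no effect here and reads like a paste from a unit that sits behind nginx; I would remove it from this file. If the intent was to tie proxied services to nginx, note that the new uptime-kuma.service in this commit does not carry the line, while museum.nginx.service does.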
@@ -0,0 +1,26 @@ +# This file gets loaded in a top level http block by the default nginx.conf +# See infra/services/nginx/README.md for more details. + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /etc/ssl/private/key.pem; + + server_name status.ente.io; + + location / { + proxy_pass http://host.docker.internal:3001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Recommended options from Uptime Kuma Wiki for Websockets. + # + # https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/infra/services/status/uptime-kuma.service b/infra/services/status/uptime-kuma.service new file mode 100644 index 000000000..11789d8c4 --- /dev/null +++ b/infra/services/status/uptime-kuma.service @@ -0,0 +1,16 @@ +[Unit] +Documentation=https://github.com/louislam/uptime-kuma +Requires=docker.service +After=docker.service + +[Install] +WantedBy=multi-user.target + +[Service] +ExecStartPre=docker pull louislam/uptime-kuma:1 +ExecStartPre=-docker stop uptime-kuma +ExecStartPre=-docker rm uptime-kuma +ExecStart=docker run --name uptime-kuma \ + -p 3001:3001 \ + -v /root/uptime-kuma:/app/data \ + louislam/uptime-kuma:1 diff --git a/server/scripts/deploy/README.md b/server/scripts/deploy/README.md index 04d121210..35e1ec079 100644 --- a/server/scripts/deploy/README.md +++ b/server/scripts/deploy/README.md @@ -87,7 +87,7 @@ To bring up an additional museum node: scp scripts/deploy/museum.nginx.conf : sudo mv museum.nginx.conf /root/nginx/conf.d - sudo systemctl restart nginx + sudo systemctl reload nginx ## Starting 
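Review bot: In uptime-kuma.nginx.conf, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends `$remote_addr` to whatever X-Forwarded-For value the client sent, so the upstream receives a list whose leading entries are client-controlled. That matters only if Uptime Kuma is set to trust proxy headers (for example for per-client login throttling or logging), which this diff does not show. If nginx is the first trusted hop, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer default; if a CDN fronts this host, the client address should come from the CDN's header after restricting which peers are trusted. A one-line comment above the header block stating which hop is trusted would settle the question for the next reader.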
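Review bot: In uptime-kuma.service, `-p 3001:3001` publishes the container port on every host interface, so the dashboard is reachable over plain HTTP on port 3001 without passing through the TLS-terminating nginx, unless a firewall outside this diff blocks it. Since nginx reaches the container through `host.docker.internal`, the publish can be limited to that address, `-p <docker-bridge-gateway-ip>:3001:3001` (placeholder; use the address host.docker.internal resolves to on the instance). Separately, `ExecStartPre=docker pull louislam/uptime-kuma:1` has no `-` prefix, so the status page will not start while the registry is unreachable, and the `:1` tag is mutable. Pinning the image by digest and making the pull best-effort (`ExecStartPre=-docker pull ...`) would address both.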
diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service
index 73cdd3ff1..566c6c048 100644
--- a/server/scripts/deploy/museum.nginx.service
+++ b/server/scripts/deploy/museum.nginx.service
@@ -2,6 +2,7 @@
 Documentation=https://github.com/ente-io/ente/tree/main/server#readme
 Requires=docker.service
 After=docker.service
+Requires=nginx.service
 
 [Service]
 Restart=on-failure
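Review bot: `Requires=nginx.service` is added without a matching `After=nginx.service`, and `Requires=` on its own imposes no start ordering, so the two units are started in parallel. It also propagates stop and restart: an explicit `systemctl restart nginx` or a stop of nginx.service will restart or stop this unit as well, which deserves a comment in the unit given that the READMEs in this commit now recommend `reload`. If the goal is only that nginx is pulled in when this unit starts, `Wants=nginx.service` is the weaker coupling; otherwise add `After=nginx.service` next to it. The `[Service]` section continues outside the hunk.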