Tweak the nginx setup

2024-03-18 10:48:12 +05:30 · 2024-03-18 10:48:12 +05:30 · 303b26b95f
parent 9ba9b8a984
commit 303b26b95f
6 changed files with 16 additions and 8 deletions
--- a/server/cmd/museum/main.go
+++ b/server/cmd/museum/main.go
@ -712,7 +712,7 @@ func main() {
 }

 func runServer(environment string, server *gin.Engine) {
-	if environment == "local" {
+	if environment == "local" || environment == "proxy" {
 		server.Run(":8080")
 	} else {
 		certPath, err := config.CredentialFilePath("tls.cert")
--- a/server/configurations/proxy.yaml
+++ b/server/configurations/proxy.yaml
@ -0,0 +1,11 @@
+# Production setup when running behind a reverse proxy like Nginx
+#
+# - TLS terminates on Nginx not on us
+# - Otherwise the same as `production.yaml`
+
+log-file: /var/logs/museum.log
+
+stripe:
+    path:
+        success: ?status=success&session_id={CHECKOUT_SESSION_ID}
+        cancel: ?status=fail&reason=canceled
--- a/server/scripts/deploy/README.md
+++ b/server/scripts/deploy/README.md
@ -1,8 +1,5 @@
 # Production Deployments

-Museum runs using Docker + systemd on production instances, load balanced via
-Cloudflare.
-
 This document outlines how we ourselves deploy museum. Note that this is very
 specific to our use case, and while this might be useful as an example, this is
 likely overkill for simple self hosted deployments.
--- a/server/scripts/deploy/museum.nginx.conf
+++ b/server/scripts/deploy/museum.nginx.conf
@ -7,7 +7,7 @@ server {
    server_name api.ente.io;

    location / {
-        proxy_pass http://host.docker.internal:9000;
+        proxy_pass http://host.docker.internal:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
--- a/server/scripts/deploy/museum.nginx.service
+++ b/server/scripts/deploy/museum.nginx.service
@ -9,9 +9,9 @@ ExecStartPre=docker pull rg.fr-par.scw.cloud/ente/museum-prod
 ExecStartPre=-docker stop museum
 ExecStartPre=-docker rm museum
 ExecStart=docker run --name museum \
-     -e ENVIRONMENT=production \
+     -e ENVIRONMENT=proxy \
     --hostname "%H" \
-     -p 443:443 \
+     -p 8080:8080 \
     -p 2112:2112 \
     -v /root/museum/credentials:/credentials:ro \
     -v /root/museum/credentials.yaml:/credentials.yaml:ro \
--- a/server/scripts/deploy/update-and-restart-museum.sh
+++ b/server/scripts/deploy/update-and-restart-museum.sh
@ -3,7 +3,7 @@
 # This script is meant to be run on the production instances.
 #
 # It will pull the latest Docker image, restart the museum process and start
-# tailing the logs.
+# tailing the logs as a sanity check.

 set -o errexit