[server] Deploy behind nginx (#1132)
Tweaks and fixes as we go towards a real deployment
commit
4e8222afa1
|
@ -38,3 +38,22 @@ When adding new services that sit behind Nginx,
|
|||
1. Add its nginx conf file to `/root/nginx/conf.d`
|
||||
|
||||
2. Restart nginx (`sudo systemctl restart nginx`)
|
||||
|
||||
## Configuration files
|
||||
|
||||
All the files we put into `/root/nginx/conf.d` get included in an `http` block.
|
||||
We can see this in the default configuration of nginx:
|
||||
|
||||
http {
|
||||
...
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
||||
> To view the default configuration, run the following command against the
|
||||
> [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is
|
||||
> also what we use:
|
||||
>
|
||||
> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf
|
||||
|
||||
This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
|
||||
syntax of the configuration files.
|
||||
|
|
|
@ -55,6 +55,13 @@ To bring up an additional museum node:
|
|||
sudo tee /root/museum/credentials/fcm-service-account.json
|
||||
sudo tee /root/museum/credentials.yaml
|
||||
|
||||
* Add billing data
|
||||
|
||||
scp /path/to/billing/*.json <instance>:
|
||||
|
||||
sudo mkdir -p /root/museum/data/billing
|
||||
sudo mv *.json /root/museum/data/billing/
|
||||
|
||||
* If not running behind Nginx, add the TLS credentials (otherwise add the to
|
||||
Nginx)
|
||||
|
||||
|
@ -79,7 +86,7 @@ To bring up an additional museum node:
|
|||
|
||||
scp scripts/deploy/museum.nginx.conf <instance>:
|
||||
|
||||
sudo mv museum.nginx.conf /etc/systemd/system
|
||||
sudo mv museum.nginx.conf /root/nginx/conf.d
|
||||
sudo systemctl restart nginx
|
||||
|
||||
## Starting
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
# This file gets loaded in a top level http block by the default nginx.conf
|
||||
# See infra/services/nginx/README.md for more details.
|
||||
|
||||
upstream museum {
|
||||
# https://nginx.org/en/docs/http/ngx_http_upstream_module.html
|
||||
server host.docker.internal:8080 max_conns=50;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
@ -7,7 +15,7 @@ server {
|
|||
server_name api.ente.io;
|
||||
|
||||
location / {
|
||||
proxy_pass http://host.docker.internal:8080;
|
||||
proxy_pass http://museum;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
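Review bot: In the new `upstream museum` block, `max_conns=50` is enforced per worker process because the group has no shared-memory `zone`, so with several workers museum can receive a multiple of 50 concurrent connections. If 50 is meant as a global cap, add `zone museum 64k;` inside the upstream block; if the per-worker limit is intended, a comment such as `# max_conns applies per worker (no zone)` would record that. With a single upstream server and no `queue` (a commercial-subscription directive), requests over the limit fail with an error rather than wait, so it is worth confirming that this is the intended failure mode under load.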
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
Documentation=https://github.com/ente-io/ente/tree/main/server#readme
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
Requires=nginx.service
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
|
@ -11,7 +10,7 @@ ExecStartPre=-docker stop museum
|
|||
ExecStartPre=-docker rm museum
|
||||
ExecStart=docker run --name museum \
|
||||
-e ENVIRONMENT=production \
|
||||
-e ENTE_HTTP_USE-TLS=1 \
|
||||
-e ENTE_HTTP_USE-TLS=0 \
|
||||
--hostname "%H" \
|
||||
-p 8080:8080 \
|
||||
-p 2112:2112 \
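Review bot: With `ENTE_HTTP_USE-TLS=0`, the unchanged `-p 8080:8080` publishes a plaintext API port on every host interface, so anything that can reach the host on 8080 bypasses nginx's TLS and can supply its own `X-Real-IP` / `X-Forwarded-For` values. Docker-published ports are commonly not covered by host firewall rules managed through tools like ufw, so the host firewall alone may not close this. Consider binding the publish to the address nginx uses to reach the host, e.g. `-p <docker-bridge-gateway-ip>:8080:8080 \`, or confirm that a network-level firewall blocks 8080 from outside; the same question applies to `-p 2112:2112`. The `ExecStart` command continues past the end of this hunk, so later flags are not visible here.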
|
||||
|
|