From 53cf5ffc45d18745e62c93b38e6e28437a5fa652 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 14:35:42 +0530 Subject: [PATCH 1/5] Fix some paths in README --- server/scripts/deploy/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/server/scripts/deploy/README.md b/server/scripts/deploy/README.md index 78766064b..04d121210 100644 --- a/server/scripts/deploy/README.md +++ b/server/scripts/deploy/README.md @@ -55,6 +55,13 @@ To bring up an additional museum node: sudo tee /root/museum/credentials/fcm-service-account.json sudo tee /root/museum/credentials.yaml +* Add billing data + + scp /path/to/billing/*.json : + + sudo mkdir -p /root/museum/data/billing + sudo mv *.json /root/museum/data/billing/ + * If not running behind Nginx, add the TLS credentials (otherwise add the to Nginx) @@ -79,7 +86,7 @@ To bring up an additional museum node: scp scripts/deploy/museum.nginx.conf : - sudo mv museum.nginx.conf /etc/systemd/system + sudo mv museum.nginx.conf /root/nginx/conf.d sudo systemctl restart nginx ## Starting From f494832bd774045f7004e1c424829138380966e0 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 15:21:47 +0530 Subject: [PATCH 2/5] Limit max connections at the nginx level --- server/scripts/deploy/museum.nginx.conf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/server/scripts/deploy/museum.nginx.conf b/server/scripts/deploy/museum.nginx.conf index fb3da7d1d..3213122a7 100644 --- a/server/scripts/deploy/museum.nginx.conf +++ b/server/scripts/deploy/museum.nginx.conf @@ -1,3 +1,7 @@ +upstream museum { + server host.docker.internal:8080 max_conns=50; +} + server { listen 443 ssl http2; listen [::]:443 ssl http2; 
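Review bot: The `max_conns=50` cap in the new `upstream museum` block is applied per worker process unless the server group resides in shared memory, so with more than one nginx worker the effective ceiling is 50 times the worker count rather than 50. Adding `zone museum 64k;` as the first line of the upstream block makes the limit hold across workers. The limit is also global to the upstream rather than per client, so a single client can occupy every slot and later requests will get an error response instead of being queued. If the intent is abuse protection, a per-address `limit_conn` in the `server` block would complement it. Only the start of the `server` block is visible in this hunk, so such a limit may already exist further down.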
@@ -7,7 +11,7 @@ server { server_name api.ente.io; location / { - proxy_pass http://host.docker.internal:8080; + proxy_pass http://museum; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 27b13765d717ce72b9e0d872ea06c4440b615f13 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 15:23:23 +0530 Subject: [PATCH 3/5] Fix the environment var --- server/scripts/deploy/museum.nginx.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service index e484cc73f..566c6c048 100644 --- a/server/scripts/deploy/museum.nginx.service +++ b/server/scripts/deploy/museum.nginx.service @@ -11,7 +11,7 @@ ExecStartPre=-docker stop museum ExecStartPre=-docker rm museum ExecStart=docker run --name museum \ -e ENVIRONMENT=production \ - -e ENTE_HTTP_USE-TLS=1 \ + -e ENTE_HTTP_USE-TLS=0 \ --hostname "%H" \ -p 8080:8080 \ -p 2112:2112 \ From c177efe79cb657b1052d5531db85f2c65d2bdf98 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 15:44:00 +0530 Subject: [PATCH 4/5] Add documentation comments --- infra/services/nginx/README.md | 19 +++++++++++++++++++ server/scripts/deploy/museum.nginx.conf | 4 ++++ 2 files changed, 23 insertions(+) diff --git a/infra/services/nginx/README.md b/infra/services/nginx/README.md index 2cf335f21..6d46b4de1 100644 --- a/infra/services/nginx/README.md +++ b/infra/services/nginx/README.md 
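Review bot: With `ENTE_HTTP_USE-TLS=0` museum now serves plain HTTP, while the context line `-p 8080:8080` publishes that port on every host interface. Unless a host or network firewall blocks it, clients can reach museum directly, without TLS and without passing through nginx and its connection cap. Consider publishing the port only on the address nginx uses to reach the host, e.g. `-p <BRIDGE_GATEWAY_IP>:8080:8080` (placeholder), and the same for `-p 2112:2112`. A comment above `ExecStart` would record the assumption: `# museum speaks plain HTTP here; TLS is terminated by nginx, so 8080 must not be reachable from outside the host`. The `docker run` command continues past the end of the hunk, so any restriction applied further down is not visible here.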
@@ -38,3 +38,22 @@ When adding new services that sit behind Nginx, 1. Add its nginx conf file to `/root/nginx/conf.d` 2. Restart nginx (`sudo systemctl restart nginx`) + +## Configuration files + +All the files we put into `/root/nginx/conf.d` get included in an `http` block. +We can see this in the default configuration of nginx: + + http { + ... + include /etc/nginx/conf.d/*.conf; + } + +> To view the default configuration, run the following command against the +> [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is +> also what we use: +> +> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf + +This is a [handy tool](https://nginx-playground.wizardzines.com) to check the +syntax of the configuration files. diff --git a/server/scripts/deploy/museum.nginx.conf b/server/scripts/deploy/museum.nginx.conf index 3213122a7..65ed19b49 100644 --- a/server/scripts/deploy/museum.nginx.conf +++ b/server/scripts/deploy/museum.nginx.conf @@ -1,4 +1,8 @@ +# This file gets loaded in a top level http block by the default nginx.conf +# See infra/services/nginx/README.md for more details. + upstream museum { + # https://nginx.org/en/docs/http/ngx_http_upstream_module.html server host.docker.internal:8080 max_conns=50; } From fb0e2d2604d7d2b198f1a82df90f34879e39bd88 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 15:54:25 +0530 Subject: [PATCH 5/5] Don't restart museum on restarting nginx --- server/scripts/deploy/museum.nginx.service | 1 - 1 file changed, 1 deletion(-) diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service index 566c6c048..73cdd3ff1 100644 --- a/server/scripts/deploy/museum.nginx.service +++ b/server/scripts/deploy/museum.nginx.service @@ -2,7 +2,6 @@ Documentation=https://github.com/ente-io/ente/tree/main/server#readme Requires=docker.service After=docker.service -Requires=nginx.service [Service] Restart=on-failure