[server] Deploy behind nginx (#1132)
Tweaks and fixes as we go towards a real deployment
commit
4e8222afa1
|
@ -38,3 +38,22 @@ When adding new services that sit behind Nginx,
|
||||||
1. Add its nginx conf file to `/root/nginx/conf.d`
|
1. Add its nginx conf file to `/root/nginx/conf.d`
|
||||||
|
|
||||||
2. Restart nginx (`sudo systemctl restart nginx`)
|
2. Restart nginx (`sudo systemctl restart nginx`)
|
||||||
|
|
||||||
|
## Configuration files
|
||||||
|
|
||||||
|
All the files we put into `/root/nginx/conf.d` get included in an `http` block.
|
||||||
|
We can see this in the default configuration of nginx:
|
||||||
|
|
||||||
|
http {
|
||||||
|
...
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
}
|
||||||
|
|
||||||
|
> To view the default configuration, run the following command against the
|
||||||
|
> [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is
|
||||||
|
> also what we use:
|
||||||
|
>
|
||||||
|
> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf
|
||||||
|
|
||||||
|
This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
|
||||||
|
syntax of the configuration files.
|
||||||
|
|
|
@ -55,6 +55,13 @@ To bring up an additional museum node:
|
||||||
sudo tee /root/museum/credentials/fcm-service-account.json
|
sudo tee /root/museum/credentials/fcm-service-account.json
|
||||||
sudo tee /root/museum/credentials.yaml
|
sudo tee /root/museum/credentials.yaml
|
||||||
|
|
||||||
|
* Add billing data
|
||||||
|
|
||||||
|
scp /path/to/billing/*.json <instance>:
|
||||||
|
|
||||||
|
sudo mkdir -p /root/museum/data/billing
|
||||||
|
sudo mv *.json /root/museum/data/billing/
|
||||||
|
|
||||||
* If not running behind Nginx, add the TLS credentials (otherwise add the to
|
* If not running behind Nginx, add the TLS credentials (otherwise add the to
|
||||||
Nginx)
|
Nginx)
|
||||||
|
|
||||||
|
@ -79,7 +86,7 @@ To bring up an additional museum node:
|
||||||
|
|
||||||
scp scripts/deploy/museum.nginx.conf <instance>:
|
scp scripts/deploy/museum.nginx.conf <instance>:
|
||||||
|
|
||||||
sudo mv museum.nginx.conf /etc/systemd/system
|
sudo mv museum.nginx.conf /root/nginx/conf.d
|
||||||
sudo systemctl restart nginx
|
sudo systemctl restart nginx
|
||||||
|
|
||||||
## Starting
|
## Starting
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
# This file gets loaded in a top level http block by the default nginx.conf
|
||||||
|
# See infra/services/nginx/README.md for more details.
|
||||||
|
|
||||||
|
upstream museum {
|
||||||
|
# https://nginx.org/en/docs/http/ngx_http_upstream_module.html
|
||||||
|
server host.docker.internal:8080 max_conns=50;
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
@ -7,7 +15,7 @@ server {
|
||||||
server_name api.ente.io;
|
server_name api.ente.io;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://host.docker.internal:8080;
|
proxy_pass http://museum;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
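Review bot: `max_conns=50` in the new `upstream museum` block is enforced per worker process, because the group declares no shared-memory `zone`; with several workers the real ceiling on connections to museum is a multiple of 50. If 50 is meant as a global limit, add `zone museum 64k;` as the first line inside the upstream block. A short comment would also help, saying where 50 comes from and that, with a single server and no queue, requests beyond the limit are rejected by nginx (typically as a 502) rather than held. The `server` block continues outside the hunk, so any timeout or error-page handling there is not visible here.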
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
Documentation=https://github.com/ente-io/ente/tree/main/server#readme
|
Documentation=https://github.com/ente-io/ente/tree/main/server#readme
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Requires=nginx.service
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
@ -11,7 +10,7 @@ ExecStartPre=-docker stop museum
|
||||||
ExecStartPre=-docker rm museum
|
ExecStartPre=-docker rm museum
|
||||||
ExecStart=docker run --name museum \
|
ExecStart=docker run --name museum \
|
||||||
-e ENVIRONMENT=production \
|
-e ENVIRONMENT=production \
|
||||||
-e ENTE_HTTP_USE-TLS=1 \
|
-e ENTE_HTTP_USE-TLS=0 \
|
||||||
--hostname "%H" \
|
--hostname "%H" \
|
||||||
-p 8080:8080 \
|
-p 8080:8080 \
|
||||||
-p 2112:2112 \
|
-p 2112:2112 \
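Review bot: With `ENTE_HTTP_USE-TLS=0`, the unchanged `-p 8080:8080` publishes museum's now-plaintext listener on every host interface, so the API may be reachable on port 8080 without going through nginx's TLS termination. Since nginx reaches museum through `host.docker.internal`, consider publishing only on the address nginx actually uses, e.g. `-p <docker-bridge-gateway-ip>:8080:8080 \` (placeholder address), or document that a firewall in front of the host blocks 8080 and 2112. Docker-published ports commonly bypass host firewall front-ends such as ufw, so this is worth verifying from outside the instance. The `ExecStart` command continues beyond the hunk, so later flags may already restrict this.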
|
||||||
|
|