From 9ba9b8a9849fba978ed99016242e5370fce61132 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 10:39:39 +0530 Subject: [PATCH] Add initial nginx conf --- infra/services/nginx/README.md | 17 ++++++++++++++--- server/scripts/deploy/README.md | 17 ++++++++++------- server/scripts/deploy/museum.nginx.service | 20 ++++++++++++++++++++ server/scripts/deploy/museum.service | 2 +- 4 files changed, 45 insertions(+), 11 deletions(-) create mode 100644 server/scripts/deploy/museum.nginx.service diff --git a/infra/services/nginx/README.md b/infra/services/nginx/README.md index 43e570946..923c33712 100644 --- a/infra/services/nginx/README.md +++ b/infra/services/nginx/README.md @@ -1,6 +1,6 @@ # Nginx -This is a base nginx service that terminates TLS, and can be used as a reverse +This is a base Nginx service that terminates TLS, and can be used as a reverse proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and `sudo systemctl restart nginx`. @@ -15,7 +15,18 @@ Add the SSL certificate provided by Cloudflare sudo tee /root/nginx/cert.pem sudo tee /root/nginx/key.pem +Tell systemd to pick up new service definition, enable it (so that it +automatically starts on boot going forward), and start it. + +```sh +sudo systemctl daemon-reload +sudo systemctl enable --now nginx +``` + ## Adding a service -When adding new services that sit behind nginx, add their nginx conf file to -`/root/nginx/conf.d` and and restart the nginx service. +When adding new services that sit behind Nginx, + +1. Add its nginx conf file to `/root/nginx/conf.d` + +2. Restart nginx (`sudo systemctl restart nginx`) diff --git a/server/scripts/deploy/README.md b/server/scripts/deploy/README.md index 81ebb6356..7472a4867 100644 --- a/server/scripts/deploy/README.md +++ b/server/scripts/deploy/README.md 
@@ -57,7 +57,7 @@ To bring up an additional museum node: sudo tee /root/museum/credentials/fcm-service-account.json sudo tee /root/museum/credentials.yaml -* If not running behind Nginx, add the TLS credentials (otherwise add them to +* If not running behind Nginx, add the TLS credentials (otherwise add the to Nginx) sudo tee /root/museum/credentials/tls.cert @@ -67,18 +67,21 @@ To bring up an additional museum node: restart script can remain in the ente user's home directory. Move the service definition to its proper place. - scp scripts/deploy/{museum.service,update-and-restart-museum.sh} : + # If using nginx + scp scripts/deploy/museum.nginx.service :museum.service + # otherwise + scp scripts/deploy/museum.service : + + scp scripts/deploy/update-and-restart-museum.sh : sudo mv museum.service /etc/systemd/system sudo systemctl daemon-reload -* If running behind Nginx, a separate set of service definition and convenience - scripts need to be added. +* If running behind Nginx, tell it about museum - scp scripts/deploy/{museum-nginx.service,update-and-restart-museum-nginx.sh} : + scp scripts/deploy/museum.nginx.conf : - sudo mv museum-nginx.service /etc/systemd/system - sudo systemctl daemon-reload + sudo mv museum.nginx.conf /etc/systemd/system sudo systemctl restart nginx ## Starting diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service new file mode 100644 index 000000000..470add934 --- /dev/null +++ b/server/scripts/deploy/museum.nginx.service 
@@ -0,0 +1,20 @@
+[Unit]
+Documentation=https://github.com/ente-io/ente/tree/main/server#readme
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=on-failure
+ExecStartPre=docker pull rg.fr-par.scw.cloud/ente/museum-prod
+ExecStartPre=-docker stop museum
+ExecStartPre=-docker rm museum
+ExecStart=docker run --name museum \
+ -e ENVIRONMENT=production \
+ --hostname "%H" \
+ -p 443:443 \
+ -p 2112:2112 \
+ -v /root/museum/credentials:/credentials:ro \
+ -v /root/museum/credentials.yaml:/credentials.yaml:ro \
+ -v /root/museum/data:/data:ro \
+ -v /root/var:/var \
+ rg.fr-par.scw.cloud/ente/museum-prod
diff --git a/server/scripts/deploy/museum.service b/server/scripts/deploy/museum.service
index eb908e24a..470add934 100644
--- a/server/scripts/deploy/museum.service
+++ b/server/scripts/deploy/museum.service
@@ -1,5 +1,5 @@
 [Unit]
-Documentation=https://github.com/ente-io/museum
+Documentation=https://github.com/ente-io/ente/tree/main/server#readme
 Requires=docker.service
 After=docker.service
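Review bot: The Nginx variant of the unit still publishes `-p 443:443` and `-p 2112:2112` on every host interface in its `ExecStart`; its blob id (470add934) is the same one museum.service ends up with in this patch, so the two units appear to be byte-identical. With Nginx terminating TLS on the same host (presumably on 443), that mapping either collides with Nginx's listener or leaves museum reachable around the proxy. Consider publishing only where Nginx reaches the container, for example `-p 127.0.0.1:<museum-port>:<museum-port>` (placeholder; the port museum serves behind the proxy is not shown here, and loopback only works if Nginx connects from the host network), and likewise for 2112 unless it has to be reachable remotely. A comment above `ExecStart` such as `# Nginx terminates TLS; museum must only be reachable through the proxy` would record the intent for whoever edits the port list next.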