Outline the nginx approach

2024-03-18 10:25:11 +05:30 · 2024-03-18 10:25:11 +05:30 · a0599f7b33
commit a0599f7b33
parent 9beedcf4e0
2 changed files with 39 additions and 4 deletions
--- a/server/scripts/deploy/README.md
+++ b/server/scripts/deploy/README.md
@ -36,6 +36,9 @@ using systemd as "services". More examples and details
  convenience [script](update-and-restart-museum.sh) that pre-downloads the
  latest image to further reduce the delay during a restart.

+* Optionally and alternatively, museum can also be run behind an Nginx. This
+  option has a separate service definition.
+
 ## Installation

 To bring up an additional museum node:
@ -44,25 +47,40 @@ To bring up an additional museum node:

 * Setup [promtail](../../../infra/services/promtail/README.md), [prometheus and node-exporter](../../../infra/services/prometheus/README.md) services

+* If running behind Nginx, install the
+  [nginx](../../../infra/services/nginx/README.md) service.
+
 * Add credentials

      sudo mkdir -p /root/museum/credentials
-      sudo tee /root/museum/credentials/tls.cert
-      sudo tee /root/museum/credentials/tls.key
      sudo tee /root/museum/credentials/pst-service-account.json
      sudo tee /root/museum/credentials/fcm-service-account.json
      sudo tee /root/museum/credentials.yaml

+* If not running behind Nginx, add the TLS credentials (otherwise add them to
+  Nginx)
+
+      sudo tee /root/museum/credentials/tls.cert
+      sudo tee /root/museum/credentials/tls.key
+
 * Copy the service definition and restart script to the new instance. The
  restart script can remain in the ente user's home directory. Move the service
  definition to its proper place.

-      scp </path-to-museum>/scripts/museum.service <instance>:
-      scp update-and-restart-museum.sh <instance>:
+      scp scripts/deploy/{museum.service,update-and-restart-museum.sh} <instance>:

      sudo mv museum.service /etc/systemd/system
      sudo systemctl daemon-reload

+* If running behind Nginx, a separate set of service definition and convenience
+  scripts need to be added.
+
+      scp scripts/deploy/{museum-nginx.service,update-and-restart-museum-nginx.sh} <instance>:
+
+      sudo mv museum-nginx.service /etc/systemd/system
+      sudo systemctl daemon-reload
+      sudo systemctl restart nginx
+
 ## Starting

 SSH into the instance, and run
--- a/server/scripts/deploy/museum.nginx.conf
+++ b/server/scripts/deploy/museum.nginx.conf
@ -0,0 +1,17 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    ssl_certificate         /etc/ssl/certs/cert.pem;
+    ssl_certificate_key     /etc/ssl/private/key.pem;
+
+    server_name api.ente.io;
+
+    location / {
+        proxy_pass http://host.docker.internal:9000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+