[infra] Import the base nginx service definition we use (#1127)

2024-03-18 09:17:29 +05:30 · 2024-03-18 09:17:29 +05:30 · efe6a5a713
commit efe6a5a713
parent e098511960 022c11d7fa
2 changed files with 40 additions and 0 deletions
--- a/infra/services/nginx/README.md
+++ b/infra/services/nginx/README.md
@ -0,0 +1,21 @@
+# Nginx
+
+This is a base nginx service that terminates TLS, and can be used as a reverse
+proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
+`sudo systemctl restart nginx`.
+
+## Installation
+
+Create a directory to house service specific configuration
+
+    sudo mkdir -p /root/nginx/conf.d
+
+Add the SSL certificate provided by Cloudflare
+
+    sudo tee /root/nginx/cert.pem
+    sudo tee /root/nginx/key.pem
+
+## Adding a service
+
+When adding new services that sit behind nginx, add their nginx conf file to
+`/root/nginx/conf.d` and and restart the nginx service.
--- a/infra/services/nginx/nginx.service
+++ b/infra/services/nginx/nginx.service
@ -0,0 +1,19 @@
+[Unit]
+Documentation=https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
+Requires=docker.service
+After=docker.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecStartPre=docker pull nginx
+ExecStartPre=-docker stop nginx
+ExecStartPre=-docker rm nginx
+ExecStart=docker run --name nginx \
+    --add-host=host.docker.internal:host-gateway \
+    -p 443:443 \
+    -v /root/nginx/cert.pem:/etc/ssl/certs/cert.pem:ro \
+    -v /root/nginx/key.pem:/etc/ssl/private/key.pem:ro \
+    -v /root/nginx/conf.d:/etc/nginx/conf.d:ro \
+    nginx