From 303b26b95ffa4f0c3b91329aa22d2de6e4e412cd Mon Sep 17 00:00:00 2001
From: Manav Rathi
Date: Mon, 18 Mar 2024 10:48:12 +0530
Subject: [PATCH] Tweak the nginx setup
---
 server/cmd/museum/main.go | 2 +-
 server/configurations/proxy.yaml | 11 +++++++++++
 server/scripts/deploy/README.md | 3 ---
 server/scripts/deploy/museum.nginx.conf | 2 +-
 server/scripts/deploy/museum.nginx.service | 4 ++--
 server/scripts/deploy/update-and-restart-museum.sh | 2 +-
 6 files changed, 16 insertions(+), 8 deletions(-)
 create mode 100644 server/configurations/proxy.yaml
diff --git a/server/cmd/museum/main.go b/server/cmd/museum/main.go
index 5ea4f33896..4905e82a4f 100644
--- a/server/cmd/museum/main.go
+++ b/server/cmd/museum/main.go
@@ -712,7 +712,7 @@ func main() {
 }
 
 func runServer(environment string, server *gin.Engine) {
- if environment == "local" {
+ if environment == "local" || environment == "proxy" {
 server.Run(":8080")
 } else {
 certPath, err := config.CredentialFilePath("tls.cert")
diff --git a/server/configurations/proxy.yaml b/server/configurations/proxy.yaml
new file mode 100644
index 0000000000..0f206f09a2
--- /dev/null
+++ b/server/configurations/proxy.yaml
@@ -0,0 +1,11 @@
+# Production setup when running behind a reverse proxy like Nginx
+#
+# - TLS terminates on Nginx not on us
+# - Otherwise the same as `production.yaml`
+
+log-file: /var/logs/museum.log
+
+stripe:
+ path:
+ success: ?status=success&session_id={CHECKOUT_SESSION_ID}
+ cancel: ?status=fail&reason=canceled
diff --git a/server/scripts/deploy/README.md b/server/scripts/deploy/README.md
index 7472a48671..5b55e6e78e 100644
--- a/server/scripts/deploy/README.md
+++ b/server/scripts/deploy/README.md
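Review bot: In `runServer` (server/cmd/museum/main.go), `environment == "proxy"` now takes the plain-HTTP `server.Run(":8080")` path, so in production the client address depends on the `X-Real-IP` / `X-Forwarded-For` headers nginx sets, and nothing in this hunk limits which peers those headers are accepted from. Gin accepts forwarded headers from any peer unless `SetTrustedProxies` is called on the engine; whether museum does that elsewhere is not visible here. If it does not, I would call `server.SetTrustedProxies([]string{"<NGINX_ADDRESS>"})` (placeholder value) before `server.Run` in the proxy case, so a request that reaches port 8080 without passing through nginx cannot choose the IP that rate limiting and logs record. runServer's body continues outside the hunk.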
@@ -1,8 +1,5 @@
 # Production Deployments
 
-Museum runs using Docker + systemd on production instances, load balanced via
-Cloudflare.
-
 This document outlines how we ourselves deploy museum. Note that this is very
 specific to our use case, and while this might be useful as an example, this is
 likely overkill for simple self hosted deployments.
diff --git a/server/scripts/deploy/museum.nginx.conf b/server/scripts/deploy/museum.nginx.conf
index 9af7b41a0b..c36a352e6a 100644
--- a/server/scripts/deploy/museum.nginx.conf
+++ b/server/scripts/deploy/museum.nginx.conf
@@ -7,7 +7,7 @@ server {
 server_name api.ente.io;
 
 location / {
- proxy_pass http://host.docker.internal:9000;
+ proxy_pass http://host.docker.internal:8080;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service
index 470add9349..6b32690f79 100644
--- a/server/scripts/deploy/museum.nginx.service
+++ b/server/scripts/deploy/museum.nginx.service
@@ -9,9 +9,9 @@ ExecStartPre=docker pull rg.fr-par.scw.cloud/ente/museum-prod
 ExecStartPre=-docker stop museum
 ExecStartPre=-docker rm museum
 ExecStart=docker run --name museum \
- -e ENVIRONMENT=production \
+ -e ENVIRONMENT=proxy \
 --hostname "%H" \
- -p 443:443 \
+ -p 8080:8080 \
 -p 2112:2112 \
 -v /root/museum/credentials:/credentials:ro \
 -v /root/museum/credentials.yaml:/credentials.yaml:ro \
diff --git a/server/scripts/deploy/update-and-restart-museum.sh b/server/scripts/deploy/update-and-restart-museum.sh
index e4e5b34da6..85f93ae05d 100755
--- a/server/scripts/deploy/update-and-restart-museum.sh
+++ b/server/scripts/deploy/update-and-restart-museum.sh
@@ -3,7 +3,7 @@
 # This script is meant to be run on the production instances.
 #
 # It will pull the latest Docker image, restart the museum process and start
-# tailing the logs.
+# tailing the logs as a sanity check.
 
 set -o errexit
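Review bot: In museum.nginx.service, `-p 8080:8080` publishes museum's plaintext port on every host interface, where before this change the container published only the TLS port 443. Unless something in front of the instance blocks 8080, clients can reach the API without TLS and without passing through nginx, and Docker-published ports are commonly not filtered by host firewall rules. I would bind the publish to the address nginx connects to, e.g. `-p <DOCKER_BRIDGE_GATEWAY_IP>:8080:8080 \` (placeholder; `proxy_pass` targets `host.docker.internal`, so nginx presumably runs in a container and loopback would not be reachable from it), or attach both containers to one Docker network and drop the publish. The same consideration applies to the existing `-p 2112:2112` line. The ExecStart command continues outside the hunk.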