Add initial nginx conf

infra/services/nginx/README.md

@@ -1,6 +1,6 @@
 # Nginx
 
-This is a base nginx service that terminates TLS, and can be used as a reverse
+This is a base Nginx service that terminates TLS, and can be used as a reverse
 proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
 `sudo systemctl restart nginx`.
 
@@ -15,7 +15,18 @@ Add the SSL certificate provided by Cloudflare
     sudo tee /root/nginx/cert.pem
     sudo tee /root/nginx/key.pem
 
+Tell systemd to pick up new service definition, enable it (so that it
+automatically starts on boot going forward), and start it.
+
+```sh
+sudo systemctl daemon-reload
+sudo systemctl enable --now nginx
+```
+
 ## Adding a service
 
-When adding new services that sit behind nginx, add their nginx conf file to
+When adding new services that sit behind Nginx,
-`/root/nginx/conf.d` and and restart the nginx service.
+
+1. Add its nginx conf file to `/root/nginx/conf.d`
+
+2. Restart nginx (`sudo systemctl restart nginx`)

server/scripts/deploy/README.md

@@ -57,7 +57,7 @@ To bring up an additional museum node:
       sudo tee /root/museum/credentials/fcm-service-account.json
       sudo tee /root/museum/credentials.yaml
 
-* If not running behind Nginx, add the TLS credentials (otherwise add them to
+* If not running behind Nginx, add the TLS credentials (otherwise add the to
   Nginx)
 
       sudo tee /root/museum/credentials/tls.cert
@@ -67,18 +67,21 @@ To bring up an additional museum node:
   restart script can remain in the ente user's home directory. Move the service
   definition to its proper place.
 
-      scp scripts/deploy/{museum.service,update-and-restart-museum.sh} <instance>:
+      # If using nginx
+      scp scripts/deploy/museum.nginx.service <instance>:museum.service
+      # otherwise
+      scp scripts/deploy/museum.service <instance>:
+
+      scp scripts/deploy/update-and-restart-museum.sh <instance>:
 
       sudo mv museum.service /etc/systemd/system
       sudo systemctl daemon-reload
 
-* If running behind Nginx, a separate set of service definition and convenience
+* If running behind Nginx, tell it about museum
-  scripts need to be added.
 
-      scp scripts/deploy/{museum-nginx.service,update-and-restart-museum-nginx.sh} <instance>:
+      scp scripts/deploy/museum.nginx.conf <instance>:
 
-      sudo mv museum-nginx.service /etc/systemd/system
+      sudo mv museum.nginx.conf /etc/systemd/system
-      sudo systemctl daemon-reload
       sudo systemctl restart nginx
 
 ## Starting

server/scripts/deploy/museum.nginx.service

@@ -0,0 +1,20 @@
+[Unit]
+Documentation=https://github.com/ente-io/ente/tree/main/server#readme
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=on-failure
+ExecStartPre=docker pull rg.fr-par.scw.cloud/ente/museum-prod
+ExecStartPre=-docker stop museum
+ExecStartPre=-docker rm museum
+ExecStart=docker run --name museum \
+     -e ENVIRONMENT=production \
+     --hostname "%H" \
+     -p 443:443 \
+     -p 2112:2112 \
+     -v /root/museum/credentials:/credentials:ro \
+     -v /root/museum/credentials.yaml:/credentials.yaml:ro \
+     -v /root/museum/data:/data:ro \
+     -v /root/var:/var \
+     rg.fr-par.scw.cloud/ente/museum-prod

server/scripts/deploy/museum.service

@@ -1,5 +1,5 @@
 [Unit]
-Documentation=https://github.com/ente-io/museum
+Documentation=https://github.com/ente-io/ente/tree/main/server#readme
 Requires=docker.service
 After=docker.service