💚 Move prod docker files to sources

2025-05-13 07:06:38 +02:00 · 2019-02-14 13:42:16 +01:00 · 2019-02-14 13:42:16 +01:00 · aa735e52bf
commit aa735e52bf
parent 010f855829
8 changed files with 4 additions and 3 deletions
--- a/frontend/docker-nginx/README.md
+++ b/frontend/docker-nginx/README.md
@ -0,0 +1,40 @@
+# Setting up NGNIX
+
+You will need to complete the following tasks to setup your dockerized proxy server:
+
+1. Include/Create SSL keys
+2. Alter your backend upstream
+3. Confirm your backend's path
+
+## Include/Create SSL Keys
+
+Have your key and csr in the nginx/keys directory as server.key and server.crt. These are copied into the docker image on build and used to serve your website or proxy your services.
+
+### Generate your own self signed certificate
+```bash
+openssl req \
+       -newkey rsa:2048 -nodes -keyout nginx/keys/server.key \
+       -x509 -out nginx/keys/server.crt
+```
+
+This command from your project root will create the keys needed to start docker with self signed certificates. Note that if you are going to deploy this site for production you will want to replace these and rebuild your image with valid (purchased) SSL certificates. All the fields are optional. Do not set any challenge passwords.
+
+If you want validated certificates but are not looking to purchase them; then checkout [Let's Encrypt](https://letsencrypt.org) which is a free SSL certification service.
+
+## Alter your backend upstream
+
+The upstream is a block used to load balance different destinations important to your proxy. In this example the upstream is used to proxy requests to your backend without worrying about XSS configurations.
+
+We have preloaded some examples of what this looks like in the `nginx/conf.d/default.conf` file. You can certainly only specify one server in the block if that is your only server.
+
+## Confirm your backend's path
+
+Assuming your website uses a backend collection of APIs, you can setup your nginx service to reverse proxy to them avoiding any XSS configuration needs. The provided default.conf includes a `/api/` location block to serve as an example. You can replace api in `/api/` with any path you want to have forwarded to your backend.
+
+There is only one setting you need to adjust in this block and that is the `proxy_cookie_domain`. Assuming you have a production domain you would change `my.uxbox.com` to be your domain. If you do not have a production domain it is safe to leave this as is or delete.
+
+## Extending the configuration
+
+You can include more servers or configuration settings by adding any named file in `nginx/conf.d`. These files are automatically consumed by nginx on startup.
+
+[Visit NGINX's beginnner's guide](http://nginx.org/en/docs/beginners_guide.html) for additional help.
--- a/frontend/docker-nginx/conf.d/default.conf
+++ b/frontend/docker-nginx/conf.d/default.conf
@ -0,0 +1,51 @@
+# This will load balance your backend to one or more destinations.
+upstream backend {
+  # server api1.my.uxbox.com:3000;
+  # server api1.my.uxbox.com:3001;
+  # server api2.my.uxbox.com:3000;
+  server uxbox_backend:6060; # This is a circular reference that allows docker to start as the example project, it is not recommended to use this in actual development.
+}
+
+server {
+
+  listen 80 default_server;
+  listen [::]:80 default_server;
+
+  #listen 443 ssl http2 default_server;
+  #listen [::]:443 ssl http2 default_server;
+
+  #ssl_certificate           /etc/nginx/keys/server.crt;
+  #ssl_certificate_key       /etc/nginx/keys/server.key;
+
+  #ssl                         on;
+  #ssl_session_cache           builtin:1000  shared:SSL:10m;
+  #ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
+  #ssl_ciphers                 "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+  #ssl_prefer_server_ciphers   on;
+
+  # Reverse Proxy to Backend (Avoids XSS concerns) --Update api to be whatever your site uses to access your backend
+  location /api/ {
+    proxy_pass http://backend;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header Host $host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+    # IMPORTANT: Update my.uxbox.com to your production site. This will allow cookies to work as expected when using your deployment locally
+    proxy_cookie_domain localhost my.uxbox.com;
+  }
+
+  # Application
+  location / {
+    root /usr/share/nginx/html/;
+
+    try_files $uri /index.html;
+    gzip on;
+    gzip_types text/css text/javascript application/x-javascript application/javascript application/json;
+
+		add_header Cache-Control "max-age=15552000" always;
+  }
+}
--- a/frontend/docker-nginx/conf.d/http-redirect.conf
+++ b/frontend/docker-nginx/conf.d/http-redirect.conf
@ -0,0 +1,4 @@
+server {
+  listen *:80;
+  return 301 https://$host$request_uri;
+}
--- a/frontend/docker-nginx/conf.d/misc.conf
+++ b/frontend/docker-nginx/conf.d/misc.conf
@ -0,0 +1,3 @@
+log_format gzip '[$time_local] ' '"$request" $status $bytes_sent';
+access_log /dev/stdout;
+charset utf-8;