feat(deploy-tool): add nginx proxy for https

akash-network · May 16, 2024 · d56d33f · d56d33f
1 parent 27bf74b
commit d56d33f
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 4 deletions.
diff --git a/deploy-web/Dockerfile b/deploy-web/Dockerfile
@@ -48,12 +48,21 @@ RUN apt-get update
 RUN apt-get install libcap2-bin -y
 RUN setcap cap_net_bind_service=+ep `readlink -f \`which node\``
 
-USER nextjs
+# Setup nginx for HTTPS
+RUN apt-get install nginx -y
+RUN mkdir -p /etc/nginx/ssl
+RUN openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=cloudmos.io" -days 600
+COPY nginx.conf /etc/nginx/nginx.conf
+RUN nginx -t
+
+#USER nextjs
 
 #EXPOSE 3001
 EXPOSE 80
+EXPOSE 443
 
-#ENV PORT 3001
-ENV PORT 80
+ENV PORT 3001
+#ENV PORT 80
 
-CMD ["node", "server.js"]
+#CMD ["node", "server.js"]
+CMD sed -i "s/127.0.0.1/$(hostname -i)/" /etc/nginx/nginx.conf && service nginx start && node server.js
diff --git a/deploy-web/nginx.conf b/deploy-web/nginx.conf
@@ -0,0 +1,34 @@
+# nginx.conf
+
+events {
+}
+
+http {
+    server {
+        # Redirect HTTP requests to HTTPS.
+        listen 80;
+
+        return 307 https://$host$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+
+        server_tokens off;
+
+        ssl_certificate /etc/nginx/ssl/my_ssl_cert.crt;
+        ssl_certificate_key /etc/nginx/ssl/my_ssl_key.key;
+
+        location / {
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header X-Forwarded-Ssl on;
+            proxy_set_header Host $http_host;
+            proxy_redirect off;
+            proxy_pass http://127.0.0.1:3001;
+            proxy_buffers 8 16k;
+            proxy_buffer_size 16k;
+            proxy_cookie_path / "/; HTTPOnly; Secure";
+        }
+    }
+}