From 64c0143fb627b32e8da303a277fe96a8e434d884 Mon Sep 17 00:00:00 2001
From: Redm4x <2829180+Redm4x@users.noreply.github.com>
Date: Mon, 16 Sep 2024 16:22:39 -0400
Subject: [PATCH] feat: add nginx proxying with ssl to api & provider-proxy
---
apps/api/nginx.conf | 33 +++++++++++++++++++++++++++++++++
apps/provider-proxy/nginx.conf | 33 +++++++++++++++++++++++++++++++++
docker-compose.build.yml | 4 ++--
docker/Dockerfile.node | 16 +++++++++++++++-
4 files changed, 83 insertions(+), 3 deletions(-)
create mode 100644 apps/api/nginx.conf
create mode 100644 apps/provider-proxy/nginx.conf
diff --git a/apps/api/nginx.conf b/apps/api/nginx.conf
new file mode 100644
index 000000000..d7434112d
--- /dev/null
+++ b/apps/api/nginx.conf
@@ -0,0 +1,33 @@
+# nginx.conf
+
+events {
+}
+
+http {
+ server {
+ # Redirect HTTP requests to HTTPS.
+ listen 80;
+ return 307 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl;
+
+ server_tokens off;
+
+ ssl_certificate /etc/nginx/ssl/my_ssl_cert.crt;
+ ssl_certificate_key /etc/nginx/ssl/my_ssl_key.key;
+
+ location / {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://127.0.0.1:3000;
+ proxy_buffers 8 16k;
+ proxy_buffer_size 16k;
+ proxy_cookie_path / "/; HTTPOnly; Secure";
+ }
+ }
+}
diff --git a/apps/provider-proxy/nginx.conf b/apps/provider-proxy/nginx.conf
new file mode 100644
index 000000000..d7434112d
--- /dev/null
+++ b/apps/provider-proxy/nginx.conf
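Review bot: `server_tokens off;` is set only inside the 443 server, so the port-80 server that issues the 307 redirect still advertises the nginx version in its `Server` header and error pages; placing it once in the `http` block covers both listeners. The TLS server also sets no `ssl_protocols`, so the accepted protocol versions depend on whatever default the packaged nginx ships; `ssl_protocols TLSv1.2 TLSv1.3;` would make that explicit. `proxy_cookie_path / "/; HTTPOnly; Secure";` adds the flags only to cookies that carry a matching `Path` attribute, and on nginx 1.19.3 or later `proxy_cookie_flags ~ secure httponly;` does this for every upstream cookie. apps/provider-proxy/nginx.conf is the same blob (index d7434112d), so the same points apply there.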
@@ -0,0 +1,33 @@ +# nginx.conf + +events { +} + +http { + server { + # Redirect HTTP requests to HTTPS. + listen 80; + return 307 https://$host$request_uri; + } + + server { + listen 443 ssl; + + server_tokens off; + + ssl_certificate /etc/nginx/ssl/my_ssl_cert.crt; + ssl_certificate_key /etc/nginx/ssl/my_ssl_key.key; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://127.0.0.1:3000; + proxy_buffers 8 16k; + proxy_buffer_size 16k; + proxy_cookie_path / "/; HTTPOnly; Secure"; + } + } +} diff --git a/docker-compose.build.yml b/docker-compose.build.yml index 801664f7f..280b45906 100644 --- a/docker-compose.build.yml +++ b/docker-compose.build.yml @@ -3,7 +3,7 @@ services: image: console-api:${API_TAG:-latest} build: dockerfile: docker/Dockerfile.node - target: production + target: production-nginx args: WORKSPACE: apps/api @@ -19,7 +19,7 @@ services: image: console-provider-proxy:${PROVIDER_PROXY_TAG:-latest} build: dockerfile: docker/Dockerfile.node - target: production + target: production-nginx args: WORKSPACE: apps/provider-proxy diff --git a/docker/Dockerfile.node b/docker/Dockerfile.node index 77746ee55..60b66e092 100644 --- a/docker/Dockerfile.node +++ b/docker/Dockerfile.node 
@@ -46,4 +46,18 @@ USER $APP_USER WORKDIR /app/$WORKSPACE -CMD ["node", "dist/server.js"] \ No newline at end of file +CMD ["node", "dist/server.js"] + +FROM production AS production-nginx + +USER root + +RUN apk add --no-cache libcap nginx openssl \ + && setcap cap_net_bind_service=+ep `readlink -f \`which node\`` \ + && mkdir -p /etc/nginx/ssl \ + && openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=akash.network" -days 600 \ + && nginx -t + +COPY $WORKSPACE/nginx.conf /etc/nginx/nginx.conf + +CMD sed -i "s/127.0.0.1/$(hostname -i)/" /etc/nginx/nginx.conf && sed -i "s/:3000/:$PORT/" /etc/nginx/nginx.conf && nginx && node dist/server.js \ No newline at end of file
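Review bot: The `openssl req ... -nodes -keyout /etc/nginx/ssl/my_ssl_key.key` step in the `RUN` writes an unencrypted private key into an image layer, so every container started from the image shares one key and anyone who can pull the image can read it; generating the pair at container start or mounting it from a runtime secret keeps it out of the layers. The stage also switches to `USER root` and never switches back, so the shell-form `CMD` starts `node dist/server.js` as root even though the parent stage ran as `$APP_USER` and the `setcap cap_net_bind_service=+ep` line suggests node was meant to stay unprivileged. `nginx -t` runs before `COPY $WORKSPACE/nginx.conf`, so it checks the package's default configuration rather than the file this commit adds; moving the check after the `COPY` would test the real one. The earlier part of the parent `production` stage is outside this hunk.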