feat: add nginx proxying with ssl to api & provider-proxy #368

Merged
merged 1 commit into from
Sep 16, 2024
feat: add nginx proxying with ssl to api & provider-proxy
Redm4x committed Sep 16, 2024
commit 64c0143fb627b32e8da303a277fe96a8e434d884
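--- a/apps/api/nginx.conf
+++ b/apps/api/nginx.conf
@@ -0,0 +1,33 @@
+# nginx.conf
+
+events {
+}
+
+http {
+server {
+# Redirect HTTP requests to HTTPS.
+listen 80;
+return 307 https://$host$request_uri;
+}
+
+server {
+listen 443 ssl;
+
+server_tokens off;
+
+ssl_certificate /etc/nginx/ssl/my_ssl_cert.crt;
+ssl_certificate_key /etc/nginx/ssl/my_ssl_key.key;
+
+location / {
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header Host $http_host;
+proxy_redirect off;
+proxy_pass http://127.0.0.1:3000;
+proxy_buffers 8 16k;
+proxy_buffer_size 16k;
+proxy_cookie_path / "/; HTTPOnly; Secure";
+}
+}
+}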
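Review bot: `proxy_cookie_path / "/; HTTPOnly; Secure";` in the `location /` block only rewrites a `Path` attribute that the upstream already sent, so a cookie set without `Path` leaves the proxy with neither `Secure` nor `HttpOnly`. If the packaged nginx is 1.19.3 or newer, `proxy_cookie_flags ~ secure httponly;` applies the flags to every cookie regardless of its attributes. The 443 server also sets no `ssl_protocols`, so the accepted TLS versions depend on the nginx build's defaults; `ssl_protocols TLSv1.2 TLSv1.3;` would make that explicit. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client sent, so the upstream should trust only the last entry unless another trusted proxy sits in front, which is not visible here. The same points apply to the identical apps/provider-proxy/nginx.conf.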
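--- a/apps/provider-proxy/nginx.conf
+++ b/apps/provider-proxy/nginx.conf
@@ -0,0 +1,33 @@
+# nginx.conf
+
+events {
+}
+
+http {
+server {
+# Redirect HTTP requests to HTTPS.
+listen 80;
+return 307 https://$host$request_uri;
+}
+
+server {
+listen 443 ssl;
+
+server_tokens off;
+
+ssl_certificate /etc/nginx/ssl/my_ssl_cert.crt;
+ssl_certificate_key /etc/nginx/ssl/my_ssl_key.key;
+
+location / {
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header Host $http_host;
+proxy_redirect off;
+proxy_pass http://127.0.0.1:3000;
+proxy_buffers 8 16k;
+proxy_buffer_size 16k;
+proxy_cookie_path / "/; HTTPOnly; Secure";
+}
+}
+}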
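--- a/docker-compose.build.yml
+++ b/docker-compose.build.yml
@@ -3,7 +3,7 @@ services:
 image: console-api:${API_TAG:-latest}
 build:
 dockerfile: docker/Dockerfile.node
-target: production
+target: production-nginx
 args:
 WORKSPACE: apps/api
 
@@ -19,7 +19,7 @@ services:
 image: console-provider-proxy:${PROVIDER_PROXY_TAG:-latest}
 build:
 dockerfile: docker/Dockerfile.node
-target: production
+target: production-nginx
 args:
 WORKSPACE: apps/provider-proxy
 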
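--- a/docker/Dockerfile.node
+++ b/docker/Dockerfile.node
@@ -46,4 +46,18 @@ USER $APP_USER
 
 WORKDIR /app/$WORKSPACE
 
-CMD ["node", "dist/server.js"]
+CMD ["node", "dist/server.js"]
+
+FROM production AS production-nginx
+
+USER root
+
+RUN apk add --no-cache libcap nginx openssl \
+&& setcap cap_net_bind_service=+ep `readlink -f \`which node\`` \
+&& mkdir -p /etc/nginx/ssl \
+&& openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=akash.network" -days 600 \
+&& nginx -t
+
+COPY $WORKSPACE/nginx.conf /etc/nginx/nginx.conf
+
+CMD sed -i "s/127.0.0.1/$(hostname -i)/" /etc/nginx/nginx.conf && sed -i "s/:3000/:$PORT/" /etc/nginx/nginx.conf && nginx && node dist/server.js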
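Review bot: The `openssl req ... -nodes` call in the `RUN` step generates the TLS private key at build time, so `/etc/nginx/ssl/my_ssl_key.key` is stored in an image layer, is identical in every container started from the image, and is readable by anyone who can pull it. Generating the key pair at container start, or mounting it from a secret, keeps it out of the image; the self-signed `CN=akash.network` certificate also only works if whatever connects to it does not validate the chain, which is worth confirming. The stage switches to `USER root` and never returns to `$APP_USER`, so the final `CMD` runs `node dist/server.js` as root, undoing the privilege drop inherited from the `production` stage. `nginx -t` runs before `COPY $WORKSPACE/nginx.conf`, so it checks the package's default config rather than the project one; a separate `RUN nginx -t` after the `COPY` would catch syntax errors at build time.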