diff --git a/docker-compose.yml b/docker-compose.yml index ab703c8..8b44c78 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -58,7 +58,7 @@ services: context: ./server dockerfile: Dockerfile ports: - - "${HOST_BACKEND_PORT:-127.0.0.1:3001}:3001" + - "${HOST_BACKEND_PORT}" environment: - NODE_ENV=production - CLICKHOUSE_HOST=http://clickhouse:8123 @@ -88,7 +88,7 @@ services: args: NEXT_PUBLIC_BACKEND_URL: ${BASE_URL} ports: - - "${HOST_CLIENT_PORT:-127.0.0.1:3002}:3002" + - "${HOST_CLIENT_PORT}" environment: - NODE_ENV=production - NEXT_PUBLIC_BACKEND_URL=${BASE_URL} diff --git a/docs/src/content/_meta.js b/docs/src/content/_meta.js index 96734f5..1ef5202 100644 --- a/docs/src/content/_meta.js +++ b/docs/src/content/_meta.js @@ -13,6 +13,7 @@ export default { }, "self-hosting": "", "self-hosting-advanced": "", + "self-hosting-nginx": "", _5: { type: "separator", title: "Settings", diff --git a/docs/src/content/self-hosting-advanced.mdx b/docs/src/content/self-hosting-advanced.mdx index b3f90ad..d07925d 100644 --- a/docs/src/content/self-hosting-advanced.mdx +++ b/docs/src/content/self-hosting-advanced.mdx @@ -80,3 +80,5 @@ server { } } ``` + +For a detailed step-by-step guide on setting up Nginx with SSL certificates using Certbot, see our [Nginx Setup Guide](/docs/self-hosting-nginx). diff --git a/docs/src/content/self-hosting-nginx.mdx b/docs/src/content/self-hosting-nginx.mdx new file mode 100644 index 0000000..45f7b7e --- /dev/null +++ b/docs/src/content/self-hosting-nginx.mdx 
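Review bot: Both `ports:` entries (the backend one here and the client one in the second docker-compose.yml hunk) lose their loopback fallback, so the published address now depends entirely on `.env` supplying a complete `HOST_BACKEND_PORT` / `HOST_CLIENT_PORT`. If either variable is missing, for example when the stack is started without running `setup.sh`, the entry interpolates to an empty string, and Compose will most likely reject it rather than fall back to 127.0.0.1. Since the variable now carries the whole mapping, a full fail-safe default can be kept: `- "${HOST_BACKEND_PORT:-127.0.0.1:3001:3001}"` and `- "${HOST_CLIENT_PORT:-127.0.0.1:3002:3002}"`.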
@@ -0,0 +1,125 @@
+import { Callout } from 'nextra/components'
+
+# Custom Nginx Setup
+
+Rybbit comes with a built-in webserver (Caddy), but you can use your own web server by using the `--no-webserver` flag on the `setup.sh` script. This is an example of how to set up Nginx with SSL certificates using Certbot.
+
+## Prerequisites
+
+- A domain name pointing to your server
+- A Linux-based server (these instructions use apt-based systems like Ubuntu/Debian)
+- Rybbit installed with the `--no-webserver` flag
+
+## Installation
+
+First, install Nginx and Certbot:
+
+```bash
+# Update package lists
+sudo apt update
+
+# Install Nginx
+sudo apt install nginx
+
+# Install Certbot and the Nginx plugin
+sudo apt install certbot python3-certbot-nginx
+```
+
+## Configure Nginx
+
+Create a new Nginx server configuration file:
+
+```bash
+sudo nano /etc/nginx/sites-available/rybbit
+```
+
+Add the following configuration (replace `your.domain.name` with your actual domain):
+
+```nginx
+server {
+ listen 80;
+ server_name your.domain.name;
+
+ # We'll start with a basic HTTP configuration
+ # Certbot will modify this file later to add HTTPS
+
+ location / {
+ proxy_pass http://localhost:3002; # Client port
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /api/ {
+ proxy_pass http://localhost:3001/; # Backend port
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+```
+
+
+ Note the trailing slash in the proxy_pass for the API location. This is important to correctly strip the `/api/` prefix when forwarding requests to the backend service.
+
+
+Enable the site by creating a symbolic link and test the configuration:
+
+```bash
+# Enable the site
+sudo ln -s /etc/nginx/sites-available/rybbit /etc/nginx/sites-enabled/
+
+# Test the configuration
+sudo nginx -t
+
+# If the test is successful, restart Nginx
+sudo systemctl restart nginx
+```
+
+## Set Up SSL with Certbot
+
+Certbot can automatically configure Nginx to use HTTPS:
+
+```bash
+sudo certbot --nginx -d your.domain.name
+```
+Certbot will automatically modify your Nginx configuration to include SSL certificate settings and HTTPS server blocks.
+
+
+## Certificate Renewal
+
+Certbot creates a systemd timer that automatically renews certificates before they expire. You can verify it's active with:
+
+```bash
+sudo systemctl status certbot.timer
+```
+
+You can also test the renewal process (without actually renewing) using:
+
+```bash
+sudo certbot renew --dry-run
+```
+
+## Troubleshooting
+
+If you encounter issues:
+
+1. Check Nginx error logs:
+ ```bash
+ sudo tail -f /var/log/nginx/error.log
+ ```
+
+2. Verify that the Docker containers are running and exposing the correct ports:
+ ```bash
+ docker ps
+ ```
+
+3. Test connectivity to the backend and client services:
+ ```bash
+ curl -v http://localhost:3001
+ curl -v http://localhost:3002
+ ```
+
+4. If the Certbot automatic configuration fails, you can manually add SSL configuration to your Nginx server block.
diff --git a/setup.sh b/setup.sh
index 13c822b..5f749fd 100644
--- a/setup.sh
+++ b/setup.sh
@@ -94,12 +94,13 @@ echo "Creating .env file..." # Update port mappings based on webserver choice if [ "$USE_WEBSERVER" = "false" ]; then # When not using the built-in webserver, expose ports to all interfaces - HOST_BACKEND_PORT="${BACKEND_PORT}:3001" - HOST_CLIENT_PORT="${CLIENT_PORT}:3002" + # Using quotes to ensure the string is passed as-is to Docker Compose + HOST_BACKEND_PORT="\"${BACKEND_PORT}:3001\"" + HOST_CLIENT_PORT="\"${CLIENT_PORT}:3002\"" else # Keep ports only accessible via localhost when using Caddy - HOST_BACKEND_PORT="127.0.0.1:${BACKEND_PORT}:3001" - HOST_CLIENT_PORT="127.0.0.1:${CLIENT_PORT}:3002" + HOST_BACKEND_PORT="\"127.0.0.1:${BACKEND_PORT}:3001\"" + HOST_CLIENT_PORT="\"127.0.0.1:${CLIENT_PORT}:3002\"" fi cat > .env << EOL
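Review bot: The `"$USE_WEBSERVER" = "false"` branch still publishes 3001 and 3002 on every interface, while the Nginx guide added in this commit proxies to `localhost:3001` and `localhost:3002` on the same host, so in that setup the backend and client remain reachable directly over plain HTTP, bypassing the proxy and its TLS. Docker-published ports are typically not filtered by host firewall front-ends such as ufw, so a firewall rule alone may not close them. Consider binding to loopback in this branch too, e.g. `HOST_BACKEND_PORT="\"127.0.0.1:${BACKEND_PORT}:3001\""`, and making all-interface exposure an explicit opt-in for a proxy running on another machine. The escaped quotes also become part of the stored value, which is only safe if whatever reads `.env` strips them; the heredoc that writes the file begins on the last line of this hunk and its body is not visible here.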