fixes

2025-05-13 19:02:08 +02:00 · 2025-05-13 19:02:08 +02:00 · 41105e2215
commit 41105e2215
parent 121b1264b7
5 changed files with 79 additions and 6 deletions
--- a/4
+++ b/4
@ -27,8 +27,8 @@ RUN chmod +x /docker-entrypoint.d/40-env.sh
 # Create a place for the index.html to include the env-config.js script
 RUN sed -i '/<head>/a \    <script src="/env-config.js"></script>' /usr/share/nginx/html/index.html || echo "Failed to inject env-config script tag"

-# Expose port 80
-EXPOSE 80
+# Expose port 3800 (changed from 80)
+EXPOSE 3800

 # Start Nginx server (the entrypoint scripts will run first)
 CMD ["nginx", "-g", "daemon off;"]
--- a/README.md
+++ b/README.md
@ -32,12 +32,13 @@ npm run dev

 ## Docker Setup

-This project can be run in Docker containers using Docker Compose.
+This project can be run in Docker containers using Docker Compose, and is configured to work with an Nginx reverse proxy on the host.

 ### Prerequisites

 - Docker
 - Docker Compose
+- Nginx (on the host system for SSL termination and reverse proxying)

 ### Running with Docker Compose

@ -46,13 +47,35 @@ This project can be run in Docker containers using Docker Compose.
 docker compose up -d
 ```

-2. Access the application at http://localhost:80
+2. The Docker container will listen on port 3800, which should be reverse-proxied by your host Nginx.

 3. Stop the containers:
 ```bash
 docker compose down
 ```

+### Nginx Configuration
+
+The project includes two Nginx configuration files:
+
+1. `nginx.conf`: Used INSIDE the Docker container to serve the static files on port 3800
+2. `nginx-host.conf`: A reference config for setting up your Nginx on the HOST to reverse proxy to the Docker container
+
+To set up the host Nginx:
+
+1. Copy the nginx-host.conf to your Nginx sites directory:
+```bash
+sudo cp nginx-host.conf /etc/nginx/sites-available/puffinoffset.com
+sudo ln -s /etc/nginx/sites-available/puffinoffset.com /etc/nginx/sites-enabled/
+```
+
+2. Uncomment the SSL certificate lines after you've obtained certificates using Certbot or another SSL provider
+3. Test and reload Nginx:
+```bash
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
 ### Environment Variables

 When using Docker, the environment variables are mounted as a volume from your local `.env` file. Make sure it contains:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,7 +6,7 @@ services:
      context: .
      dockerfile: Dockerfile
    ports:
-      - "80:80"
+      - "3800:3800"  # Changed to port 3800 to match external Nginx config
    environment:
      - NODE_ENV=production
    restart: unless-stopped
--- a/nginx-host.conf
+++ b/nginx-host.conf
@ -0,0 +1,50 @@
+# /etc/nginx/sites-available/puffinoffset.com
+
+# 1) Redirect all HTTP to HTTPS, except the ACME challenge path
+server {
+    listen 80;
+    server_name puffinoffset.com;
+
+    # Allow certbot to do HTTP-01 challenges
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www/html;            # adjust if your webroot differs
+        try_files $uri =404;
+    }
+
+    # Redirect everything else to HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# 2) HTTPS server block: reverse-proxy to your Docker app on localhost:3800
+server {
+    listen 443 ssl http2;
+    server_name puffinoffset.com;
+
+    # === SSL certs from Let's Encrypt ===
+#    ssl_certificate     /etc/letsencrypt/live/puffinoffset.com/fullchain.pem;
+#    ssl_certificate_key /etc/letsencrypt/live/puffinoffset.com/privkey.pem;
+    include             /etc/letsencrypt/options-ssl-nginx.conf;   # from certbot
+    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;         # from certbot
+
+    # === Proxy all traffic to your Node app ===
+    location / {
+        proxy_pass         http://127.0.0.1:3800;
+        proxy_http_version 1.1;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection "upgrade";
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        # increase timeouts if your app sometimes takes longer to respond:
+        proxy_read_timeout 90;
+    }
+
+    # Optional: serve static assets directly if you ever add any here
+    # location /static/ {
+    #     root /var/www/puffinoffset.com;
+    #     try_files $uri $uri/ =404;
+    # }
+}
--- a/nginx.conf
+++ b/nginx.conf
@ -1,5 +1,5 @@
 server {
-    listen 80;
+    listen 3800;  # Changed to port 3800 to match external Nginx config
    server_name localhost;
    
    # Root directory for static files