Updated nginx to toggle ssl

2025-04-12 23:21:25 -04:00
parent 261daa8644
commit 99f23cb05b
7 changed files with 60 additions and 9 deletions
--- a/.env
+++ b/.env
@@ -1,7 +1,8 @@
 RUST_LOG=warn,api=info

 NGINX_HOST=localhost
-NGINX_PROTOCOL=https
+NGINX_SSL_ENABLED=false
+NGINX_PROTOCOL=http
 NGINX_HTTP_PORT=8080
 NGINX_HTTPS_PORT=8443
 NGINX_MINIO_HOST=host.docker.internal
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,7 +19,6 @@ services:
    environment:
      SSL_CERT_PATH: /etc/nginx/ssl/localhost.crt
      SSL_CERT_KEY_PATH: /etc/nginx/ssl/localhost.key
-      NGINX_HOST: ${NGINX_HOST:-localhost}
    ports:
      - "${NGINX_HTTP_PORT:-8080}:80"
      - "${NGINX_HTTPS_PORT:-8443}:443"
@@ -126,7 +125,7 @@ services:
      dockerfile: Dockerfile
    env_file: *env
    environment:
-      - NODE_ENV=${NODE_ENV:-development}
+      - VITE_NODE_ENV=${VITE_NODE_ENV:-development}
    ports:
      - "${UI_PORT:-3000}:3000"
    volumes:
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,3 +1,6 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
-COPY templates/ /etc/nginx/templates/
+COPY templates/ /templates/
+COPY scripts/01-configure_ssh.sh /docker-entrypoint.d/01-configure_ssh.sh
+
+RUN chmod +x /docker-entrypoint.d/01-configure_ssh.sh
--- a/nginx/scripts/01-configure_ssh.sh
+++ b/nginx/scripts/01-configure_ssh.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+mkdir -p /etc/nginx/templates
+
+if [ "$NGINX_SSL_ENABLED" = "true" ]; then
+    echo "Using SSL configuration"
+    cp /templates/ssl.conf.template /etc/nginx/templates/default.conf.template
+else
+    echo "Using non-SSL configuration"
+    cp /templates/nossl.conf.template /etc/nginx/templates/default.conf.template
+fi
--- a/nginx/templates/nossl.conf.template
+++ b/nginx/templates/nossl.conf.template
@@ -0,0 +1,36 @@
+# HTTP server configuration
+server {
+    listen       80;
+    listen  [::]:80;
+    server_name  ${NGINX_HOST};
+
+    location /api/ {
+        proxy_pass         ${API_PROTOCOL}://${NGINX_API_HOST}:${API_PORT}/api/;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+    }
+
+    location /minio/ {
+        proxy_pass         ${MINIO_PROTOCOL}://${NGINX_MINIO_HOST}:${MINIO_PORT_INTERNAL}/;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+    }
+
+    # Reverse proxy for the UI and default catch-all
+    location / {
+        proxy_pass         ${UI_PROTOCOL}://${NGINX_UI_HOST}:${UI_PORT}/;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
--- a/nginx/templates/default.conf.template
+++ b/nginx/templates/default.conf.template
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -22,7 +22,7 @@ RUN \
 FROM base AS runner
 ARG PORT=3000
 ENV PORT=${PORT}
-ENV NODE_ENV=production
+ENV VITE_NODE_ENV=production
 WORKDIR /app

 COPY --chown=node --from=builder /builder /app