From a3fc9bdc8cb37dbe20d1128893016026d07e4ff9 Mon Sep 17 00:00:00 2001 From: Naveen MR Date: Fri, 18 Feb 2022 11:45:50 +0000 Subject: [PATCH] docs : adding setup with nginx, certbot with domain config. Thanks to an end user who sent this. Signed-off-by: Naveen MR --- docker-compose/nginx/certbot-challenge.conf | 6 ++ docker-compose/nginx/docker-compose.yml | 68 +++++++++++++++++++ .../nginx/nocodb.example.domain.conf | 29 ++++++++ docker-compose/nginx/ssl.conf | 4 ++ 4 files changed, 107 insertions(+) create mode 100644 docker-compose/nginx/certbot-challenge.conf create mode 100644 docker-compose/nginx/docker-compose.yml create mode 100644 docker-compose/nginx/nocodb.example.domain.conf create mode 100644 docker-compose/nginx/ssl.conf
diff --git a/docker-compose/nginx/certbot-challenge.conf b/docker-compose/nginx/certbot-challenge.conf
new file mode 100644
index 0000000000..c96f878ba6
--- /dev/null
+++ b/docker-compose/nginx/certbot-challenge.conf
@@ -0,0 +1,6 @@
+# Certbot Renewal
+location ^~ /.well-known/acme-challenge/ {
+ root /usr/share/nginx/html;
+ allow all;
+ default_type "text/plain";
+}
\ No newline at end of file
diff --git a/docker-compose/nginx/docker-compose.yml b/docker-compose/nginx/docker-compose.yml
new file mode 100644
index 0000000000..58963ad1f3
--- /dev/null
+++ b/docker-compose/nginx/docker-compose.yml
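Review bot: The challenge location is only included by the 443 server in `nocodb.example.domain.conf`, while the port-80 server answers every request with `return 301`, so an HTTP-01 request reaches the webroot only after a redirect to a TLS listener that cannot load before the first certificate exists. Adding `include /etc/nginx/certbot-challenge.conf;` to the port-80 server and moving the redirect into `location / { return 301 https://$host$request_uri; }` lets first issuance work over plain HTTP. The header comment could then read `# ACME HTTP-01 challenge (issuance and renewal), served from the shared webroot`.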
@@ -0,0 +1,68 @@
+version: '3.9'
+
+networks:
+ frontend:
+ external: false
+ backend:
+ external: false
+
+# This is an example setup with an Nginx reverse proxy.
+# If you already have an Nginx reverse proxy running,
+# then allow the docker-compose.yml to reference an external network that the reverse proxy container is on
+# (in lieu of the frontend network in this file) and have the NocoDB container connect to it.
+
+services:
+ reverse_proxy:
+ image: nginx:alpine
+ container_name: reverse_proxy
+ volumes:
+ - ./certbot:/etc/letsencrypt:ro # SSL certs
+ - ./nginx:/etc/nginx # Nginx config file
+ - path/to/webroot:/usr/share/nginx/html # Mount directory web site files for webroot certificate validation with Certbot
+ ports:
+ - 80:80
+ - 443:443
+ restart: unless-stopped
+ networks:
+ - frontend
+
+ certbot:
+ image: certbot/certbot
+ container_name: certbot
+ volumes:
+ - ./certbot:/etc/letsencrypt
+ - path/to/webroot:/var/www/html # For webroot certificate validation
+ depends_on:
+ - reverse_proxy
+ command: certonly --webroot --webroot-path=/var/www/html --email user@example.domain --agree-tos --no-eff-email -d example.domain,www.example.domain,nocodb.example.domain
+
+ nocodb_app:
+ image: nocodb/nocodb:latest
+ container_name: nocodb_app
+ restart: unless-stopped
+ volumes:
+ - ./nocodb/data:/usr/app/data
+ networks:
+ - backend
+ - frontend
+ environment:
+ NC_DB: mysql2://nocodb_database:3306?u=root&p=${MYSQL_ROOT_PASSWORD}&d=${MYSQL_DATABASE} # While it is not good practice to use the Root user, there were issues with granting privileges to a new user using the Linuxserver MariaDB image.
+ NC_PUBLIC_URL: ${NC_PUBLIC_URL}
+ NC_AUTH_JWT_SECRET: ${NC_AUTH_JWT_SECRET}
+ depends_on:
+ - nocodb_database
+
+ nocodb_database:
+ image: ghcr.io/linuxserver/mariadb:alpine # Using the non-official MariaDB image because it is an alpine distro and has a considerably smaller footprint.
+ container_name: nocodb_database
+ volumes:
+ - ./mariadb/config:/config
+ - ./mariadb/data:/var/lib/mysql
+ networks:
+ - backend
+ restart: always
+ environment:
+ - MYSQL_ROOT_PASSWORD
+ - MYSQL_DATABASE
+ - MYSQL_USER
+ - MYSQL_PASSWORD
diff --git a/docker-compose/nginx/nocodb.example.domain.conf b/docker-compose/nginx/nocodb.example.domain.conf
new file mode 100644
index 0000000000..94a9c23e22
--- /dev/null
+++ b/docker-compose/nginx/nocodb.example.domain.conf
@@ -0,0 +1,29 @@
+upstream nocodb {
+ server nocodb_app:8080;
+}
+
+server {
+ server_name nocodb.example.domain;
+ listen 80;
+ listen [::]:80;
+ # Redirect to ssl
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name nocodb.example.domain;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ #SSL configuration
+ include /etc/nginx/ssl.conf;
+ include /etc/nginx/certbot-challenge.conf;
+
+ location / {
+ proxy_pass http://nocodb;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ }
+}
\ No newline at end of file
diff --git a/docker-compose/nginx/ssl.conf b/docker-compose/nginx/ssl.conf
new file mode 100644
index 0000000000..f04961f32f
--- /dev/null
+++ b/docker-compose/nginx/ssl.conf
@@ -0,0 +1,4 @@
+ssl_certificate /etc/letsencrypt/live/vsnt.uk/fullchain.pem; # managed by Certbot
+ssl_certificate_key /etc/letsencrypt/live/vsnt.uk/privkey.pem; # managed by Certbot
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
\ No newline at end of file
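Review bot: The `environment` entries of `nocodb_app` use plain `${VAR}` interpolation, so an unset `NC_AUTH_JWT_SECRET` or `MYSQL_ROOT_PASSWORD` is replaced by an empty string and the stack still starts; the required-variable form makes Compose stop instead, e.g. `NC_AUTH_JWT_SECRET: ${NC_AUTH_JWT_SECRET:?NC_AUTH_JWT_SECRET must be set}`. The root password is also pasted raw into the `NC_DB` query string, so a value containing `&` or `#` would likely change how the URL is parsed; a comment that it must be URL-safe or percent-encoded would help. In `reverse_proxy`, the config and webroot mounts are read-write although nginx only reads them; `- ./nginx:/etc/nginx:ro` would match what is already done for the certificate mount.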
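Review bot: The `location /` block forwards `X-Forwarded-Proto` and `Host` but not the client address, so anything the application logs or limits by IP would see only the proxy container; add `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The `Upgrade` and `Connection` headers are set without `proxy_http_version 1.1;`, which nginx needs before it will pass a WebSocket upgrade to the upstream. `Connection 'upgrade'` is also sent on every request, not only on upgrade requests; a short comment saying that this is intentional would avoid confusion.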
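Review bot: Both certificate paths point at `/etc/letsencrypt/live/vsnt.uk/`, a domain that appears nowhere else in the example, while the certbot command in `docker-compose.yml` requests `example.domain` first; nginx will refuse to start until the paths are edited. Use the placeholder consistently, e.g. `ssl_certificate /etc/letsencrypt/live/example.domain/fullchain.pem;` and the matching `privkey.pem` line. As far as I know, `options-ssl-nginx.conf` and `ssl-dhparams.pem` are written by certbot's nginx plugin rather than by `certonly --webroot`, so a comment should say where those two files come from in this setup.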