From a3fc9bdc8cb37dbe20d1128893016026d07e4ff9 Mon Sep 17 00:00:00 2001
From: Naveen MR <oof1lab@gmail.com>
Date: Fri, 18 Feb 2022 11:45:50 +0000
Subject: [PATCH] docs : adding setup with nginx, certbot with domain config.

Thanks to an end user who sent this.

Signed-off-by: Naveen MR <oof1lab@gmail.com>
---
 docker-compose/nginx/certbot-challenge.conf   |  6 ++
 docker-compose/nginx/docker-compose.yml       | 68 +++++++++++++++++++
 .../nginx/nocodb.example.domain.conf          | 29 ++++++++
 docker-compose/nginx/ssl.conf                 |  4 ++
 4 files changed, 107 insertions(+)
 create mode 100644 docker-compose/nginx/certbot-challenge.conf
 create mode 100644 docker-compose/nginx/docker-compose.yml
 create mode 100644 docker-compose/nginx/nocodb.example.domain.conf
 create mode 100644 docker-compose/nginx/ssl.conf

diff --git a/docker-compose/nginx/certbot-challenge.conf b/docker-compose/nginx/certbot-challenge.conf
new file mode 100644
index 0000000000..c96f878ba6
--- /dev/null
+++ b/docker-compose/nginx/certbot-challenge.conf
@@ -0,0 +1,6 @@
+# Certbot Renewal
+location ^~ /.well-known/acme-challenge/ {
+    root /usr/share/nginx/html;
+    allow all;
+    default_type "text/plain";
+}
\ No newline at end of file
diff --git a/docker-compose/nginx/docker-compose.yml b/docker-compose/nginx/docker-compose.yml
new file mode 100644
index 0000000000..58963ad1f3
--- /dev/null
+++ b/docker-compose/nginx/docker-compose.yml
@@ -0,0 +1,68 @@
+version: '3.9'
+
+networks:
+    frontend:
+        external: false
+    backend:
+        external: false
+
+# This is an example setup with an Nginx reverse proxy.
+# If you already have an Nginx reverse proxy running,
+# then allow the docker-compose.yml to reference an external network that the reverse proxy container is on
+# (in lieu of the frontend network in this file) and have the NocoDB container connect to it.
+
+services:
+    reverse_proxy:
+        image: nginx:alpine
+        container_name: reverse_proxy
+        volumes:
+            - ./certbot:/etc/letsencrypt:ro         # SSL certs
+            - ./nginx:/etc/nginx                    # Nginx config file
+            - path/to/webroot:/usr/share/nginx/html # Mount directory web site files for webroot certificate validation with Certbot
+        ports:
+            - 80:80
+            - 443:443
+        restart: unless-stopped
+        networks:
+            - frontend
+
+    certbot:
+        image: certbot/certbot
+        container_name: certbot
+        volumes:
+            - ./certbot:/etc/letsencrypt
+            - path/to/webroot:/var/www/html         # For webroot certificate validation
+        depends_on:
+            - reverse_proxy
+        command: certonly --webroot --webroot-path=/var/www/html --email user@example.domain --agree-tos --no-eff-email -d example.domain,www.example.domain,nocodb.example.domain
+
+    nocodb_app:
+        image: nocodb/nocodb:latest
+        container_name: nocodb_app
+        restart: unless-stopped
+        volumes:
+            - ./nocodb/data:/usr/app/data
+        networks:
+            - backend
+            - frontend
+        environment:
+            NC_DB: mysql2://nocodb_database:3306?u=root&p=${MYSQL_ROOT_PASSWORD}&d=${MYSQL_DATABASE}    # While it is not good practice to use the Root user, there were issues with granting privileges to a new user using the Linuxserver MariaDB image.
+            NC_PUBLIC_URL: ${NC_PUBLIC_URL}
+            NC_AUTH_JWT_SECRET: ${NC_AUTH_JWT_SECRET}
+        depends_on:
+            - nocodb_database
+
+    nocodb_database:
+        image: ghcr.io/linuxserver/mariadb:alpine     # Using the non-official MariaDB image because it is an alpine distro and has a considerably smaller footprint.
+        container_name: nocodb_database
+        volumes:
+            - ./mariadb/config:/config
+            - ./mariadb/data:/var/lib/mysql
+        networks:
+            - backend
+        restart: always
+        environment:
+            - MYSQL_ROOT_PASSWORD
+            - MYSQL_DATABASE
+            - MYSQL_USER
+            - MYSQL_PASSWORD
diff --git a/docker-compose/nginx/nocodb.example.domain.conf b/docker-compose/nginx/nocodb.example.domain.conf
new file mode 100644
index 0000000000..94a9c23e22
--- /dev/null
+++ b/docker-compose/nginx/nocodb.example.domain.conf
@@ -0,0 +1,29 @@
+upstream nocodb {
+    server  nocodb_app:8080;
+}
+
+server {
+	server_name nocodb.example.domain;
+	listen 80;
+	listen [::]:80;
+    # Redirect to ssl
+	return 301 https://$host$request_uri;
+}
+
+server {
+	server_name nocodb.example.domain;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	#SSL configuration
+	include	/etc/nginx/ssl.conf;
+	include	/etc/nginx/certbot-challenge.conf;
+
+    location / {
+        proxy_pass http://nocodb;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection 'upgrade';
+		proxy_set_header Host $host;
+    }
+}
\ No newline at end of file
diff --git a/docker-compose/nginx/ssl.conf b/docker-compose/nginx/ssl.conf
new file mode 100644
index 0000000000..f04961f32f
--- /dev/null
+++ b/docker-compose/nginx/ssl.conf
@@ -0,0 +1,4 @@
+ssl_certificate /etc/letsencrypt/live/vsnt.uk/fullchain.pem; # managed by Certbot
+ssl_certificate_key /etc/letsencrypt/live/vsnt.uk/privkey.pem; # managed by Certbot
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
\ No newline at end of file