Merge pull request #1298 from nocodb/nginx

docs : adding setup with nginx, certbot with domain config.

docker-compose/nginx/certbot-challenge.conf

@@ -0,0 +1,6 @@
+# Certbot Renewal
+location ^~ /.well-known/acme-challenge/ {
+    root /usr/share/nginx/html;
+    allow all;
+    default_type "text/plain";
+}

docker-compose/nginx/docker-compose.yml

@@ -0,0 +1,68 @@
+version: '3.9'
+
+networks:
+    frontend:
+        external: false
+    backend:
+        external: false
+
+# This is an example setup with an Nginx reverse proxy.
+# If you already have an Nginx reverse proxy running,
+# then allow the docker-compose.yml to reference an external network that the reverse proxy container is on
+# (in lieu of the frontend network in this file) and have the NocoDB container connect to it.
+
+services:
+    reverse_proxy:
+        image: nginx:alpine
+        container_name: reverse_proxy
+        volumes:
+            - ./certbot:/etc/letsencrypt:ro         # SSL certs
+            - ./nginx:/etc/nginx                    # Nginx config file
+            - path/to/webroot:/usr/share/nginx/html # Mount directory web site files for webroot certificate validation with Certbot
+        ports:
+            - 80:80
+            - 443:443
+        restart: unless-stopped
+        networks:
+            - frontend
+
+    certbot:
+        image: certbot/certbot
+        container_name: certbot
+        volumes:
+            - ./certbot:/etc/letsencrypt
+            - path/to/webroot:/var/www/html         # For webroot certificate validation
+        depends_on:
+            - reverse_proxy
+        command: certonly --webroot --webroot-path=/var/www/html --email user@example.domain --agree-tos --no-eff-email -d example.domain,www.example.domain,nocodb.example.domain
+
+    nocodb_app:
+        image: nocodb/nocodb:latest
+        container_name: nocodb_app
+        restart: unless-stopped
+        volumes:
+            - ./nocodb/data:/usr/app/data
+        networks:
+            - backend
+            - frontend
+        environment:
+            NC_DB: mysql2://nocodb_database:3306?u=root&p=${MYSQL_ROOT_PASSWORD}&d=${MYSQL_DATABASE}    # While it is not good practice to use the Root user, there were issues with granting privileges to a new user using the Linuxserver MariaDB image.
+            NC_PUBLIC_URL: ${NC_PUBLIC_URL}
+            NC_AUTH_JWT_SECRET: ${NC_AUTH_JWT_SECRET}
+        depends_on:
+            - nocodb_database
+
+    nocodb_database:
+        image: ghcr.io/linuxserver/mariadb:alpine     # Using the non-official MariaDB image because it is an alpine distro and has a considerably smaller footprint.
+        container_name: nocodb_database
+        volumes:
+            - ./mariadb/config:/config
+            - ./mariadb/data:/var/lib/mysql
+        networks:
+            - backend
+        restart: always
+        environment:
+            - MYSQL_ROOT_PASSWORD
+            - MYSQL_DATABASE
+            - MYSQL_USER
+            - MYSQL_PASSWORD

docker-compose/nginx/nocodb.example.domain.conf

@@ -0,0 +1,29 @@
+upstream nocodb {
+    server  nocodb_app:8080;
+}
+
+server {
+	server_name nocodb.example.domain;
+	listen 80;
+	listen [::]:80;
+    # Redirect to ssl
+	return 301 https://$host$request_uri;
+}
+
+server {
+	server_name nocodb.example.domain;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	#SSL configuration
+	include	/etc/nginx/ssl.conf;
+	include	/etc/nginx/certbot-challenge.conf;
+
+    location / {
+        proxy_pass http://nocodb;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection 'upgrade';
+		proxy_set_header Host $host;
+    }
+}

docker-compose/nginx/ssl.conf

@@ -0,0 +1,4 @@
+ssl_certificate /etc/letsencrypt/live/vsnt.uk/fullchain.pem; # managed by Certbot
+ssl_certificate_key /etc/letsencrypt/live/vsnt.uk/privkey.pem; # managed by Certbot
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot