deployment: added nginx+acme
For now, the services are started via: backend/src/beherbergung/webserver/handler.clj (wrap-cors :access-control-allow-origin [#"http://localhost:3000" #".*.broenradio.org"] > lein run frontend/search/public/config.json {"base_url": "https://search.beherbergung.broenradio.org", "backend_base_url": "https://backend.beherbergung.broenradio.org"} > yarn && yarn build && yarn start
parent
38a9850142
commit
1c330ebaef
|
@ -3,7 +3,8 @@ let
|
|||
util = dns.util.${system};
|
||||
in
|
||||
{
|
||||
networking.domain = "beherbergung.mission-lifeline.de";
|
||||
networking.domain = "beherbergung.broenradio.org";
|
||||
# "beherbergung.mission-lifeline.de";
|
||||
|
||||
services.bind = {
|
||||
enable = true;
|
||||
|
@ -12,9 +13,9 @@ in
|
|||
master = true;
|
||||
file = util.writeZone "${config.networking.domain}" (import (./dns + "/${config.networking.domain}.nix") {inherit dns;});
|
||||
};
|
||||
"beherbergung.broenradio.org" = { ## not required in future (but till the NS-record of beherbergung.mission-lifeline.de is configured)
|
||||
"beherbergung.mission-lifeline.de" = { ## not required in future (but till the NS-record of beherbergung.mission-lifeline.de is configured)
|
||||
master = true;
|
||||
file = util.writeZone "beherbergung.broenradio.org" (import (./dns + "/${config.networking.domain}.nix") {inherit dns;});
|
||||
file = util.writeZone "beherbergung.mission-lifeline.de" (import (./dns + "/${config.networking.domain}.nix") {inherit dns;});
|
||||
};
|
||||
};
|
||||
};
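Review bot: The comment on the `"beherbergung.mission-lifeline.de"` zone is unchanged from when that name was the primary domain, so it now says the zone is only needed until its own NS record is configured, which is hard to interpret. Assuming the mission-lifeline.de lines are the new side (the page has lost the +/- markers), that zone is also written from `./dns/${config.networking.domain}.nix`, which is the broenradio.org records file. That only holds up if every record in the file is relative to the zone origin, since an absolute name would end up out of zone. If serving both names from one file is intended, I would reword the comment to something like `## served in parallel with networking.domain until delegation for mission-lifeline.de is in place; records file is shared on purpose`.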
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
{ config, pkgs, nixpkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
];
|
||||
|
||||
security.acme.certs."${config.networking.domain}".extraDomainNames = [
|
||||
"beherbergung.mission-lifeline.de"
|
||||
"backend.beherbergung.mission-lifeline.de"
|
||||
"search.beherbergung.mission-lifeline.de"
|
||||
"submission.beherbergung.mission-lifeline.de"
|
||||
];
|
||||
|
||||
}
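Review bot: All four mission-lifeline.de names are attached to the single certificate for `${config.networking.domain}`, and an ACME order is only issued if every listed name validates. The DNS module in this commit notes that the NS record for beherbergung.mission-lifeline.de is not configured yet, so enabling this module before delegation exists would presumably fail the whole order and leave the host on the `preliminarySelfsigned` certificate. The module also defines no `virtualHosts` with `useACMEHost` for those names, so nothing visible here serves them over TLS. A comment above `extraDomainNames` such as `## enable only once every name below resolves to this host` would record the precondition.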
|
|
@ -0,0 +1,33 @@
|
|||
{ config, pkgs, nixpkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
];
|
||||
|
||||
security.acme.certs."${config.networking.domain}".extraDomainNames = [
|
||||
"backend.${config.networking.domain}"
|
||||
"search.${config.networking.domain}"
|
||||
"submission.${config.networking.domain}"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"search.${config.networking.domain}" = {
|
||||
#default = true; ## we would need cors settings supporting multiple hosts
|
||||
forceSSL = true;
|
||||
useACMEHost = config.networking.domain;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:3000";
|
||||
#proxyWebsockets = true;
|
||||
extraConfig = "proxy_pass_header Authorization;";
|
||||
};
|
||||
};
|
||||
"backend.${config.networking.domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = config.networking.domain;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:4000";
|
||||
extraConfig = "proxy_pass_header Authorization;";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
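Review bot: `proxy_pass_header Authorization;` in both `locations."/"` blocks most likely does not do what it is there for, because that directive un-hides response headers coming back from the upstream, while nginx already forwards the client's `Authorization` request header by default. The line can be dropped, or written as `proxy_set_header Authorization $http_authorization;` if the intent is to be explicit. Separately, without `services.nginx.recommendedProxySettings = true;` or equivalent `proxy_set_header` lines, the services on ports 3000 and 4000 see every request as coming from localhost with no `X-Forwarded-For` or `X-Forwarded-Proto`, which weakens logging and any per-client limiting. `submission.${config.networking.domain}` is on the certificate but has no virtual host here, so that name must still resolve to this host and answer the ACME challenge or the order for all names fails.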
|
|
@ -0,0 +1,34 @@
|
|||
{ config, pkgs, nixpkgs, ... }:
|
||||
{
|
||||
## After updating the nixpkgs, the acme-unit failed. It was mitigated by:
|
||||
## > chmod acme:nginx /var/lib/acme/
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "acme-admin@mission-lifeline.de";
|
||||
preliminarySelfsigned = true;
|
||||
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
commonHttpConfig = ''
|
||||
#types_hash_max_size 1024;
|
||||
server_names_hash_bucket_size 128;
|
||||
'';
|
||||
|
||||
virtualHosts = {
|
||||
"${config.networking.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www";
|
||||
extraConfig = ''autoindex on;'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
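Review bot: `extraConfig = ''autoindex on;'';` on the apex virtual host publishes a browsable listing of everything under `/var/www`, so any file placed there (backups, exports) becomes discoverable to anyone. Unless a public file index is the purpose, drop the line or limit it to a dedicated location. The header comment's mitigation reads `chmod acme:nginx /var/lib/acme/`, which is not a valid chmod mode; it was presumably `chown`, and the comment should say so. A manual ownership change is also not captured in the configuration. If the failure was nginx being unable to read the certificates, `users.users.nginx.extraGroups = [ "acme" ];` is the declarative form.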
|
|
@ -35,7 +35,7 @@
|
|||
#./deployment/modules/sops.nix
|
||||
./deployment/modules/dns.nix
|
||||
#./deployment/modules/monitoring/client.nix
|
||||
#./deployment/modules/nginx/timmi.nix
|
||||
./deployment/modules/nginx/beherbergung.nix
|
||||
#nix-deploy-git.nixosModule
|
||||
#./deployment/modules/nix-deploy-git.nix
|
||||
];
|
||||
|
@ -52,7 +52,7 @@
|
|||
beherbergung-lifeline = nixpkgs.lib.nixosSystem (lib.mergeAttrs commonAttrs {
|
||||
modules = commonModules ++ [
|
||||
./deployment/hosts/beherbergung-lifeline/configuration.nix
|
||||
#./deployment/modules/nginx/timmi-public.nix
|
||||
#./deployment/modules/nginx/beherbergung-lifeline.nix
|
||||
#./deployment/modules/binarycache/client.nix
|
||||
#./deployment/modules/binarycache/server.nix
|
||||
#./deployment/modules/monitoring/server.nix
|
||||
|
|