From 243fe2cd5a735512af7fade90f6d7f66bc285968 Mon Sep 17 00:00:00 2001
From: hzrd149
Date: Sat, 5 Apr 2025 17:06:53 +0100
Subject: [PATCH] add caddy example
---
 .env.example | 4 +-
 Caddyfile | 8 ++++
 Dockerfile | 2 +-
 README.md | 84 ++++++++----------------------------------
 docker-compose.yml | 17 ++++++++-
 nginx/http.conf | 19 ----------
 nginx/nginx.conf | 33 -----------------
 nginx/tls-and-tor.conf | 56 ----------------------------
 nginx/tls.conf | 35 ------------------
 9 files changed, 43 insertions(+), 215 deletions(-)
 create mode 100644 Caddyfile
 delete mode 100644 nginx/http.conf
 delete mode 100644 nginx/nginx.conf
 delete mode 100644 nginx/tls-and-tor.conf
 delete mode 100644 nginx/tls.conf
diff --git a/.env.example b/.env.example
index e17837c..35f6c5a 100644
--- a/.env.example
+++ b/.env.example
@@ -12,10 +12,10 @@ LOOKUP_RELAYS=wss://user.kindpag.es,wss://purplepag.es
 SUBSCRIPTION_RELAYS=wss://nos.lol,wss://relay.damus.io
 
 # A list of fallback blossom servers
-BLOSSOM_SERVERS=https://nostr.download,https://cdn.satellite.earth
+BLOSSOM_SERVERS="https://nostr.download,https://cdn.satellite.earth"
 
 # The max file size to serve
-MAX_FILE_SIZE='2 MB'
+MAX_FILE_SIZE="2 MB"
 
 # A nprofile pointer for an nsite to use as the default homepage
 # Setting this will override anything in the ./public folder
diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..516ace2
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,8 @@
+#{
+# email your-email@example.com
+#}
+
+# This will match example.com and all its subdomains (*.example.com)
+example.com, *.example.com {
+ reverse_proxy nsite:3000
+}
diff --git a/Dockerfile b/Dockerfile
index 9e37db9..ff1c4c4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,7 @@ COPY --from=build ./app/build ./build
 
 COPY ./public ./public
 
-EXPOSE 80 3000
+EXPOSE 3000
 ENV NSITE_PORT="3000"
 
 CMD ["node", "."]
diff --git a/README.md b/README.md
index 95686e9..8bbcad6 100644
--- a/README.md
+++ b/README.md
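Review bot: The `*.example.com` site address in the new Caddyfile makes Caddy request a wildcard certificate, and public ACME CAs issue those only through the DNS challenge; nothing in this block, nor the stock `caddy:alpine` image added in docker-compose.yml, configures a DNS provider, so HTTPS for the subdomains will likely fail to provision as written. Either document that a Caddy build with a DNS provider module and a `tls { dns <provider> <credentials> }` block is required, or use on-demand TLS gated by an `ask` endpoint so certificates are issued only for hostnames the gateway actually serves. The commented-out global block deserves a comment saying what it is for, e.g. `# ACME account contact address; uncomment and set before exposing the gateway publicly`. Separately, the deleted nginx configs cached upstream responses (`proxy_cache_valid 200 60m`) while this proxy forwards every request to `nsite:3000`, so the README should state whether the gateway's own cache is expected to absorb that load.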
@@ -2,6 +2,20 @@
 
 A Typescript implementation of [static websites on nostr](https://github.com/nostr-protocol/nips/pull/1538)
 
+## Configuring
+
+All configuration is done through the `.env` file. start by copying the example file and modifying it.
+
+```sh
+cp .env.example .env
+```
+
+## Running with npx
+
+```sh
+npx nsite-gateway
+```
+
 ## Running with docker-compose
 
 ```sh
@@ -10,82 +24,16 @@ cd nsite-gateway
 docker compose up
 ```
 
-Once the service is running you can access the cached version at `http://localhost:8080`
-
-If you need to test, you can directly access the ts server at `http://localhost:3000`
+Once the service is running you can access the gateway at `http://localhost:3000`
 
 ## Running with docker
 
 The `ghcr.io/hzrd149/nsite-gateway` image can be used to run a http instance locally
 
 ```sh
-docker run --rm -it --name nsite -p 8080:80 ghcr.io/hzrd149/nsite-gateway
+docker run --rm -it --name nsite -p 3000:3000 ghcr.io/hzrd149/nsite-gateway
 ```
 
-## Manual nginx setup
-
-Before manually setting up nginx and nsite-gateway you need a few things installed
-
-- [nginx](https://nginx.org/)
-- [nodejs](https://nodejs.org/en/download/package-manager) (dep packages [here](https://deb.nodesource.com/))
-- [pnpm](https://pnpm.io/) run `npm i -g pnpm` to install
-
-Next your going to need to clone the nsite-gateway repo and set it up
-
-```sh
-git clone https://github.com/hzrd149/nsite-gateway
-cd nsite-gateway
-
-# install dependencies
-pnpm install
-
-# build app
-pnpm build
-```
-
-Then create a new `.env` file for configuration
-
-```sh
-cp .env.example .env
-```
-
-Next copy and setup the systemd service
-
-```sh
-sudo cp contrib/nsite.service /etx/systemd/system/nsite.service
-
-# edit the service and set the working directory path
-sudo nano /etx/systemd/system/nsite.service
-
-# reload systemd service
-sudo systemctl daemon-reload
-
-# start service
-sudo systemctl start nsite
-```
-
-Then once nsite-gateway is running, next you need to configure nginx
-
-Start by modifying the `/etx/nginx/nginx.conf` file and adding a `proxy_cache_path` to the `http` section
-
-```sh
-sudo nano /etc/nginx/nginx.conf
-```
-
-```diff
-http {
-+ proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=request_cache:10m max_size=10g inactive=60m use_temp_path=off;
-}
-```
-
-Next modify the default site config (usually `/etx/nginx/sites-enabled/default` or `/etc/nginx/conf.d/default.conf`) to be one of
-
-- [nginx/http.conf](./nginx/http.conf)
-- [nginx/tls.conf](./nginx/tls.conf)
-- [nginx/tls-and-tor.conf](./nginx/tls-and-tor.conf)
-
-Once that is done you can restart nginx and you should have a new nsite server running on port 80
-
 ## Tor setup
 
 First you need to install tor (`sudo apt install tor` on debian systems) or [Documentation](https://community.torproject.org/onion-services/setup/install/)
diff --git a/docker-compose.yml b/docker-compose.yml
index 8e6273b..2e4606e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,7 @@
 services:
 redis:
 image: redis:alpine
+ restart: unless-stopped
 command: redis-server --save 60 1 --loglevel warning
 volumes:
 - redis-data:/data
@@ -8,14 +9,28 @@ services:
 nsite:
 build: .
 image: ghcr.io/hzrd149/nsite-gateway:master
+ restart: unless-stopped
 environment:
 LOOKUP_RELAYS: wss://user.kindpag.es,wss://purplepag.es
 SUBSCRIPTION_RELAYS: wss://nostrue.com/,wss://nos.lol/,wss://relay.damus.io/,wss://purplerelay.com/
 CACHE_PATH: redis://redis:6379
 depends_on:
 - redis
+
+ caddy:
+ image: caddy:alpine
+ restart: unless-stopped
 ports:
- - 3000:3000
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - caddy_data:/data
+ - caddy_config:/config
+ depends_on:
+ - nsite
 
 volumes:
 redis-data:
+ caddy_data:
+ caddy_config:
diff --git a/nginx/http.conf b/nginx/http.conf
deleted file mode 100644
index 51155f8..0000000
--- a/nginx/http.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name nsite;
-
- location / {
- proxy_cache request_cache;
- proxy_cache_valid 200 60m;
- proxy_cache_valid 404 10m;
- proxy_cache_key $host$uri;
- proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
- expires 30d;
- add_header Cache-Control "public, no-transform";
-
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:3000;
- }
-}
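Review bot: The new `caddy` service in the second docker-compose.yml hunk uses the floating tag `image: caddy:alpine`, so the container that terminates TLS on 80/443 and keeps the ACME account and private keys in `caddy_data` can change on any pull; pin it, e.g. `image: caddy:<pinned-version>-alpine` or an image digest. Dropping the `3000:3000` publish from `nsite` is the right direction, but the README hunk in this same commit still tells compose users to reach the gateway at `http://localhost:3000`, which this file no longer exposes. The README also says all configuration is done through `.env`, yet `nsite` here receives only the three variables under `environment:`; unless the image loads that file itself (not visible in this diff), adding `env_file: .env` would be needed for values such as `MAX_FILE_SIZE` to reach the container.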
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
deleted file mode 100644
index 9d16ade..0000000
--- a/nginx/nginx.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-user nsite;
-worker_processes auto;
-
-error_log /dev/stderr notice;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- # add custom cache
- proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=request_cache:10m max_size=10g inactive=60m use_temp_path=off;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /dev/stdout main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- gzip on;
-
- include /etc/nginx/conf.d/*.conf;
-}
-
diff --git a/nginx/tls-and-tor.conf b/nginx/tls-and-tor.conf
deleted file mode 100644
index b5059a3..0000000
--- a/nginx/tls-and-tor.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-# tor .onion server
-server {
- listen 80;
- listen [::]:80;
- server_name *.onion;
-
- location / {
- proxy_cache request_cache;
- proxy_cache_valid 200 60m;
- proxy_cache_valid 404 10m;
- proxy_cache_key $host$uri;
- proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
- expires 30d;
- add_header Cache-Control "public, no-transform";
-
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:3000;
- }
-}
-
-# redirect http to https
-server {
- listen 80;
- listen [::]:80;
- server_name _;
- return 307 https://$host$request_uri;
-}
-
-# http server
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name nsite;
-
- ssl_certificate /path/to/certificate/fullchain1.pem;
- ssl_certificate_key /path/to/certificate/privkey1.pem;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
- location / {
- proxy_cache request_cache;
- proxy_cache_valid 200 60m;
- proxy_cache_valid 404 10m;
- proxy_cache_key $host$uri;
- proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
- expires 30d;
- add_header Cache-Control "public, no-transform";
-
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:3000;
- }
-}
diff --git a/nginx/tls.conf b/nginx/tls.conf
deleted file mode 100644
index 25a3cfb..0000000
--- a/nginx/tls.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# redirect http to https
-server {
- listen 80;
- listen [::]:80;
- server_name _;
- return 307 https://$host$request_uri;
-}
-
-# nginx config for tls
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name nsite;
-
- ssl_certificate /path/to/certificate/fullchain1.pem;
- ssl_certificate_key /path/to/certificate/privkey1.pem;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
- location / {
- proxy_cache request_cache;
- proxy_cache_valid 200 60m;
- proxy_cache_valid 404 10m;
- proxy_cache_key $host$uri;
- proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
- expires 30d;
- add_header Cache-Control "public, no-transform";
-
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:3000;
- }
-}