add caddy example

2025-06-23 12:05:01 +00:00 · 2025-04-05 17:06:53 +01:00 · 2025-04-05 17:06:53 +01:00 · 243fe2cd5a
commit 243fe2cd5a
parent 14d767114a
9 changed files with 43 additions and 215 deletions
--- a/.env.example
+++ b/.env.example
@ -12,10 +12,10 @@ LOOKUP_RELAYS=wss://user.kindpag.es,wss://purplepag.es
 SUBSCRIPTION_RELAYS=wss://nos.lol,wss://relay.damus.io

 # A list of fallback blossom servers
-BLOSSOM_SERVERS=https://nostr.download,https://cdn.satellite.earth
+BLOSSOM_SERVERS="https://nostr.download,https://cdn.satellite.earth"

 # The max file size to serve
-MAX_FILE_SIZE='2 MB'
+MAX_FILE_SIZE="2 MB"

 # A nprofile pointer for an nsite to use as the default homepage
 # Setting this will override anything in the ./public folder
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+#{
+#    email your-email@example.com
+#}
+
+# This will match example.com and all its subdomains (*.example.com)
+example.com, *.example.com {
+    reverse_proxy nsite:3000
+}
--- a/2
+++ b/2
@ -29,7 +29,7 @@ COPY --from=build ./app/build ./build

 COPY ./public ./public

-EXPOSE 80 3000
+EXPOSE 3000
 ENV NSITE_PORT="3000"

 CMD ["node", "."]
--- a/README.md
+++ b/README.md
@ -2,6 +2,20 @@

 A Typescript implementation of [static websites on nostr](https://github.com/nostr-protocol/nips/pull/1538)

+## Configuring
+
+All configuration is done through the `.env` file. start by copying the example file and modifying it.
+
+```sh
+cp .env.example .env
+```
+
+## Running with npx
+
+```sh
+npx nsite-gateway
+```
+
 ## Running with docker-compose

 ```sh
@ -10,82 +24,16 @@ cd nsite-gateway
 docker compose up
 ```

-Once the service is running you can access the cached version at `http://localhost:8080`
-
-If you need to test, you can directly access the ts server at `http://localhost:3000`
+Once the service is running you can access the gateway at `http://localhost:3000`

 ## Running with docker

 The `ghcr.io/hzrd149/nsite-gateway` image can be used to run a http instance locally

 ```sh
-docker run --rm -it --name nsite -p 8080:80 ghcr.io/hzrd149/nsite-gateway
+docker run --rm -it --name nsite -p 3000:3000 ghcr.io/hzrd149/nsite-gateway
 ```

-## Manual nginx setup
-
-Before manually setting up nginx and nsite-gateway you need a few things installed
-
- [nginx](https://nginx.org/)
- [nodejs](https://nodejs.org/en/download/package-manager) (dep packages [here](https://deb.nodesource.com/))
- [pnpm](https://pnpm.io/) run `npm i -g pnpm` to install
-
-Next your going to need to clone the nsite-gateway repo and set it up
-
-```sh
-git clone https://github.com/hzrd149/nsite-gateway
-cd nsite-gateway
-
-# install dependencies
-pnpm install
-
-# build app
-pnpm build
-```
-
-Then create a new `.env` file for configuration
-
-```sh
-cp .env.example .env
-```
-
-Next copy and setup the systemd service
-
-```sh
-sudo cp contrib/nsite.service /etx/systemd/system/nsite.service
-
-# edit the service and set the working directory path
-sudo nano /etx/systemd/system/nsite.service
-
-# reload systemd service
-sudo systemctl daemon-reload
-
-# start service
-sudo systemctl start nsite
-```
-
-Then once nsite-gateway is running, next you need to configure nginx
-
-Start by modifying the `/etx/nginx/nginx.conf` file and adding a `proxy_cache_path` to the `http` section
-
-```sh
-sudo nano /etc/nginx/nginx.conf
-```
-
-```diff
-http {
-+  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=request_cache:10m max_size=10g inactive=60m use_temp_path=off;
-}
-```
-
-Next modify the default site config (usually `/etx/nginx/sites-enabled/default` or `/etc/nginx/conf.d/default.conf`) to be one of
-
- [nginx/http.conf](./nginx/http.conf)
- [nginx/tls.conf](./nginx/tls.conf)
- [nginx/tls-and-tor.conf](./nginx/tls-and-tor.conf)
-
-Once that is done you can restart nginx and you should have a new nsite server running on port 80
-
 ## Tor setup

 First you need to install tor (`sudo apt install tor` on debian systems) or [Documentation](https://community.torproject.org/onion-services/setup/install/)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,6 +1,7 @@
 services:
  redis:
    image: redis:alpine
+    restart: unless-stopped
    command: redis-server --save 60 1 --loglevel warning
    volumes:
      - redis-data:/data
@ -8,14 +9,28 @@ services:
  nsite:
    build: .
    image: ghcr.io/hzrd149/nsite-gateway:master
+    restart: unless-stopped
    environment:
      LOOKUP_RELAYS: wss://user.kindpag.es,wss://purplepag.es
      SUBSCRIPTION_RELAYS: wss://nostrue.com/,wss://nos.lol/,wss://relay.damus.io/,wss://purplerelay.com/
      CACHE_PATH: redis://redis:6379
    depends_on:
      - redis
+
+  caddy:
+    image: caddy:alpine
+    restart: unless-stopped
    ports:
-      - 3000:3000
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      - nsite

 volumes:
  redis-data:
+  caddy_data:
+  caddy_config:
--- a/nginx/http.conf
+++ b/nginx/http.conf
@ -1,19 +0,0 @@
-server {
-	listen 80;
-	listen [::]:80;
-	server_name nsite;
-
-	location / {
-		proxy_cache request_cache;
-		proxy_cache_valid 200 60m;
-		proxy_cache_valid 404 10m;
-		proxy_cache_key $host$uri;
-		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
-		expires 30d;
-		add_header Cache-Control "public, no-transform";
-
-		proxy_set_header Host $host;
-		proxy_pass http://127.0.0.1:3000;
-	}
-}
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -1,33 +0,0 @@
-user  nsite;
-worker_processes  auto;
-
-error_log  /dev/stderr notice;
-pid        /var/run/nginx.pid;
-
-events {
-	worker_connections  1024;
-}
-
-http {
-	include       /etc/nginx/mime.types;
-	default_type  application/octet-stream;
-
-	# add custom cache
-	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=request_cache:10m max_size=10g inactive=60m use_temp_path=off;
-
-	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-										'$status $body_bytes_sent "$http_referer" '
-										'"$http_user_agent" "$http_x_forwarded_for"';
-
-	access_log  /dev/stdout  main;
-
-	sendfile        on;
-	#tcp_nopush     on;
-
-	keepalive_timeout  65;
-
-	gzip on;
-
-	include /etc/nginx/conf.d/*.conf;
-}
-
--- a/nginx/tls-and-tor.conf
+++ b/nginx/tls-and-tor.conf
@ -1,56 +0,0 @@
-# tor .onion server
-server {
-	listen 80;
-	listen [::]:80;
-	server_name *.onion;
-
-	location / {
-		proxy_cache request_cache;
-		proxy_cache_valid 200 60m;
-		proxy_cache_valid 404 10m;
-		proxy_cache_key $host$uri;
-		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
-		expires 30d;
-		add_header Cache-Control "public, no-transform";
-
-		proxy_set_header Host $host;
-		proxy_pass http://127.0.0.1:3000;
-	}
-}
-
-# redirect http to https
-server {
-	listen 80;
-	listen [::]:80;
-	server_name _;
-	return 307 https://$host$request_uri;
-}
-
-# http server
-server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
-	server_name nsite;
-
-	ssl_certificate /path/to/certificate/fullchain1.pem;
-	ssl_certificate_key /path/to/certificate/privkey1.pem;
-
-	ssl_protocols TLSv1.2 TLSv1.3;
-	ssl_prefer_server_ciphers on;
-	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
-	location / {
-		proxy_cache request_cache;
-		proxy_cache_valid 200 60m;
-		proxy_cache_valid 404 10m;
-		proxy_cache_key $host$uri;
-		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
-		expires 30d;
-		add_header Cache-Control "public, no-transform";
-
-		proxy_set_header Host $host;
-		proxy_pass http://127.0.0.1:3000;
-	}
-}
--- a/nginx/tls.conf
+++ b/nginx/tls.conf
@ -1,35 +0,0 @@
-# redirect http to https
-server {
-	listen 80;
-	listen [::]:80;
-	server_name _;
-	return 307 https://$host$request_uri;
-}
-
-# nginx config for tls
-server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
-	server_name nsite;
-
-	ssl_certificate /path/to/certificate/fullchain1.pem;
-	ssl_certificate_key /path/to/certificate/privkey1.pem;
-
-	ssl_protocols TLSv1.2 TLSv1.3;
-	ssl_prefer_server_ciphers on;
-	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
-	location / {
-		proxy_cache request_cache;
-		proxy_cache_valid 200 60m;
-		proxy_cache_valid 404 10m;
-		proxy_cache_key $host$uri;
-		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-
-		expires 30d;
-		add_header Cache-Control "public, no-transform";
-
-		proxy_set_header Host $host;
-		proxy_pass http://127.0.0.1:3000;
-	}
-}