author: Tor Andersson <tor@ccxvii.net> 2022-11-23 16:59:45 +0100
committer: Tor Andersson <tor@ccxvii.net> 2022-12-21 14:14:58 +0100
commit: 00916460c8261473b2afce60853c406f10aee6c0 (patch)
tree: b42faf394c239f0a77080d68bd595900b82a4fd1 /INSTALL.md
parent: 83835ea22d7e169f80d8740ce8a542103257d173 (diff)
Simplify server.
Only listen to HTTP. Use reverse proxy server to handle SSL, compression, etc.
Diffstat (limited to 'INSTALL.md')
-rw-r--r-- INSTALL.md 59
1 files changed, 36 insertions, 23 deletions
diff --git a/INSTALL.md b/INSTALL.md
index e83cb31..57364a2 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -19,41 +19,22 @@ sqlite3 db < schema.sql
sqlite3 db < public/julius-caesar/title.sql
```
-Redirect port 80 and 443 to 8080 and 8443:
-
-```
-sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080
-sudo iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8443
-```
-
-Create SSL certificate with Let's Encrypt certbot, or self-signed with OpenSSL:
-
-```
-openssl req -nodes -new -x509 -keyout key.pem -out cert.pem
-```
-
Configure the server using the .env file:
```
NODE_ENV=production
-SITE_NAME=YOUR_SITE_NAME
-SITE_HOST=YOUR_DOMAIN
-SITE_URL=https://YOUR_DOMAIN
+SITE_NAME=Example
+SITE_URL=https://example.com
+HTTP_HOST=localhost
HTTP_PORT=8080
-HTTPS_PORT=8443
-SSL_KEY=/etc/letsencrypt/live/YOUR_DOMAIN/privkey.com
-SSL_CERT=/etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
-
-MAIL_FROM=YOUR_SITE_NAME <notifications@YOUR_DOMAIN>
+MAIL_FROM=Example <notifications@example.com>
MAIL_HOST=localhost
MAIL_PORT=25
```
-If the HTTPS_PORT is missing, the server will only serve HTTP.
-
If MAIL_HOST/PORT/FROM are not present, the server will not send notification emails.
Start the server:
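Review bot: The new HTTP_HOST=localhost line in the .env block is not explained anywhere in the text, yet it is the setting that keeps the plain-HTTP listener off the public interface now that the server no longer handles SSL itself. Suggest a sentence under the block saying HTTP_HOST should stay on a loopback address so that port 8080 is reachable only through the reverse proxy. Since the iptables section is removed, an upgrade note would also help: hosts set up with the old instructions still have the PREROUTING REDIRECT rules for ports 80 and 443, and those will divert traffic away from the proxy until they are deleted.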
@@ -61,3 +42,35 @@ Start the server:
```
node server.js
```
+
+To use SSL you should run the site behind a reverse proxy server, such as Nginx.
+Here is an example Nginx configuration:
+
+```
+server {
+ listen 80;
+ server_name example.com www.example.com;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name example.com www.example.com;
+ ssl_certificate /path/to/ssl/certificate/fullchain.cer;
+ ssl_certificate_key /path/to/ssl/certificate/example.com.key;
+ root /path/to/server/public;
+ location / {
+ try_files $uri @rally;
+ }
+ location @rally {
+ proxy_pass http://127.0.0.1:8080;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 3600s;
+ proxy_send_timeout 3600s;
+ }
+}
+```
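Review bot: In the 443 server block, root /path/to/server/public combined with try_files $uri @rally makes Nginx serve every file under public directly, and the setup steps earlier in this file load public/julius-caesar/title.sql from that same tree, so those .sql files (and anything else kept there) can be fetched without the request ever reaching the app. Worth stating in the text that public must hold only files meant for clients, or adding a location rule that denies extensions that are not static assets. Separately, proxy_set_header Connection "upgrade" in the @rally location is sent on every proxied request; the usual form is a map from $http_upgrade to a $connection_upgrade variable so that only WebSocket handshakes carry the upgrade value.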