examples on deployment

5 months ago · 19cd9b8507
4 changed files with 107 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -40,6 +40,8 @@ each note has a 512bit generated <i>id</i> that is used to retrieve the note. da

 ℹ️ `https` is required otherwise browsers will not support the cryptographic functions.

+### Docker
+
 Docker is the easiest way. There is the [official image here](https://hub.docker.com/r/cupcakearmy/cryptgeon).

 ```yaml
@ -60,6 +62,47 @@ services:
 - 80:5000
 ```

+### NGINX Proxy
+
+See the [examples/nginx](https://github.com/cupcakearmy/cryptgeon/tree/main/examples/nginx) folder. There an example with a simple proxy, and one with https. You need to specify the server names and certificates.
+
+### Traefik 2
+
+Assumptions:
+
+- External proxy docker network `proxy`
+- A certificate resolver `le`
+- A https entrypoint `secure`
+- Domain name `example.org`
+
+```yaml
+version: '3.8'
+
+networks:
+ proxy:
+ external: true
+
+services:
+ memcached:
+ image: memcached:1-alpine
+ restart: unless-stopped
+ entrypoint: memcached -m 128 # Limit to 128 MB Ram, customize at free will.
+
+ app:
+ image: cupcakearmy/cryptgeon:latest
+ restart: unless-stopped
+ depends_on:
+ - memcached
+ networks:
+ - default
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.cryptgeon.rule=Host(`example.org`)
+ - traefik.http.routers.cryptgeon.entrypoints=secure
+ - traefik.http.routers.cryptgeon.tls.certresolver=le
+```
+
 ## Development

 1. Clone
--- a/examples/nginx/docker-compose.yaml
+++ b/examples/nginx/docker-compose.yaml
@ -0,0 +1,22 @@
+version: '3.8'
+
+services:
+ memcached:
+ image: memcached:1-alpine
+ entrypoint: memcached -m 128 # Limit to 128 MB Ram, customize at free will.
+
+ app:
+ image: cupcakearmy/cryptgeon:latest
+ depends_on:
+ - memcached
+ 
+ proxy:
+ image: nginx:alpine
+ depends_on:
+ - app
+ volumes:
+ - ./nginx-plain.conf:/etc/nginx/conf.d/default.conf
+ # Or with tls
+ # - ./nginx-tls.conf:/etc/nginx/conf.d/default.conf
+ ports:
+ - 80:80
--- a/examples/nginx/nginx-plain.conf
+++ b/examples/nginx/nginx-plain.conf
@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+
+ location / {
+ proxy_pass http://app:5000/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
--- a/examples/nginx/nginx-tls.conf
+++ b/examples/nginx/nginx-tls.conf
@ -0,0 +1,29 @@
+# You should change the server_name to something sensible.
+# Also you need to specify the path to the ssl certificates.
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+
+ # Enforce HTTPS
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name _;
+
+ ssl_certificate /path/to/fullchain.pem;
+ ssl_certificate_key /path/to/privkey.pem;
+ ssl_trusted_certificate /path/to/fullchain.pem;
+
+ location / {
+ proxy_pass http://app:5000/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}