From 18e7287a172e58de1e8a1899f509ab47e518acaf Mon Sep 17 00:00:00 2001
From: Andrija Stevanovic
Date: Sun, 8 Mar 2026 16:51:43 +0100
Subject: [PATCH] deploy adaptation for vps
---
 deploy/.env.example | 2 +-
 deploy/docker-compose.yml | 40 +++++++++++--------------------
 deploy/nginx/aips-global.conf | 45 +++++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 27 deletions(-)
 create mode 100644 deploy/nginx/aips-global.conf
diff --git a/deploy/.env.example b/deploy/.env.example
index 77e7bc4..54c3f0c 100644
--- a/deploy/.env.example
+++ b/deploy/.env.example
@@ -1,4 +1,4 @@
-# PostgreSQL
+# PostgreSQL (shared VPS instance — create DB/user manually)
 POSTGRES_DB=aips_db
 POSTGRES_USER=aips_user
 POSTGRES_PASSWORD=CHANGE_ME_strong_password_here
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index 8b685dd..3de064a 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -1,20 +1,4 @@
 services:
- postgres:
- image: postgres:18
- container_name: aips-postgres
- restart: unless-stopped
- environment:
- POSTGRES_DB: ${POSTGRES_DB}
- POSTGRES_USER: ${POSTGRES_USER}
- POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- volumes:
- - pgdata:/var/lib/postgresql/data
- healthcheck:
- test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
- interval: 5s
- timeout: 5s
- retries: 5
-
 rabbitmq:
 image: rabbitmq:3-management
 container_name: aips-rabbitmq
@@ -23,8 +7,6 @@ services:
 RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER}
 RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS}
 RABBITMQ_DEFAULT_VHOST: ${RABBITMQ_DEFAULT_VHOST}
- ports:
- - "15672:15672"
 volumes:
 - rabbitmqdata:/var/lib/rabbitmq
 healthcheck:
@@ -50,9 +32,10 @@ services:
 JWT_KEY: "${JWT_KEY}"
 JWT_EXPIRATION_MINUTES: "${JWT_EXPIRATION_MINUTES}"
 JWT_REFRESH_TOKEN_EXPIRATION_DAYS: "${JWT_REFRESH_TOKEN_EXPIRATION_DAYS}"
+ networks:
+ - default
+ - back_network
 depends_on:
- postgres:
- condition: service_healthy
 rabbitmq:
 condition: service_healthy
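Review bot: In deploy/docker-compose.yml the hunk at -50 attaches this service to the pre-existing `back_network` as well as `default`, and the hunks at -73 and -92 do the same for two more services; once joined, every other container on that shared VPS network can reach these services on any port they listen on, without passing through aips-nginx. Attach only the services that actually open a database connection, and say so next to the key, e.g. `# back_network: shared VPS network, joined only to reach the external PostgreSQL`. With the `postgres: condition: service_healthy` gate removed, startup no longer waits for the database, so each service needs its own connection retry (presumably in application code, which is not visible here). The service definitions start and end outside these hunks.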
@@ -73,9 +56,10 @@ services:
 JWT_KEY: "${JWT_KEY}"
 JWT_EXPIRATION_MINUTES: "${JWT_EXPIRATION_MINUTES}"
 JWT_REFRESH_TOKEN_EXPIRATION_DAYS: "${JWT_REFRESH_TOKEN_EXPIRATION_DAYS}"
+ networks:
+ - default
+ - back_network
 depends_on:
- postgres:
- condition: service_healthy
 rabbitmq:
 condition: service_healthy
@@ -92,9 +76,10 @@ services:
 JWT_ISSUER: "${JWT_ISSUER}"
 JWT_AUDIENCE: "${JWT_AUDIENCE}"
 JWT_KEY: "${JWT_KEY}"
+ networks:
+ - default
+ - back_network
 depends_on:
- postgres:
- condition: service_healthy
 rabbitmq:
 condition: service_healthy
@@ -105,11 +90,14 @@ services:
 container_name: aips-nginx
 restart: unless-stopped
 ports:
- - "80:80"
+ - "8090:80"
 depends_on:
 - webapi
 - rt
+networks:
+ back_network:
+ external: true
+
 volumes:
- pgdata:
 rabbitmqdata:
diff --git a/deploy/nginx/aips-global.conf b/deploy/nginx/aips-global.conf
new file mode 100644
index 0000000..f111146
--- /dev/null
+++ b/deploy/nginx/aips-global.conf
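Review bot: In deploy/docker-compose.yml the hunk at -105 changes the aips-nginx publish to `"8090:80"`, which binds on every host interface, so the plain-HTTP listener is reachable directly on port 8090 unless something outside this file filters it, and Docker-published ports are commonly not covered by host firewall front-ends such as ufw. A client connecting there skips the TLS server in aips-global.conf and can supply its own `X-Forwarded-For` and `X-Forwarded-Proto`. Since the outer proxy reaches it through `host.docker.internal`, either publish on the one host address that name resolves to, `- "<docker-host-gateway-ip>:8090:80"` (placeholder), or drop `ports:` and put aips-nginx on a network shared with the outer proxy so it is addressed by service name. The top-level `back_network` with `external: true` must already exist before `docker compose up`; a one-line comment saying who creates it would help.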
@@ -0,0 +1,45 @@
+server {
+ listen 80;
+ server_name aips.stewki.com;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name aips.stewki.com;
+
+ ssl_certificate /etc/letsencrypt/live/aips.stewki.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/aips.stewki.com/privkey.pem;
+
+ client_max_body_size 10M;
+
+ location / {
+ proxy_pass http://host.docker.internal:8090;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /hubs/ {
+ proxy_pass http://host.docker.internal:8090;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_read_timeout 86400s;
+ proxy_send_timeout 86400s;
+ }
+}
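Review bot: Both `location` blocks of the 443 server build `X-Forwarded-For` from `$proxy_add_x_forwarded_for`, which appends the peer address to whatever header the client sent, so if this server is the internet-facing edge the backend sees a client-chosen first entry. At the edge, overwrite it instead with `proxy_set_header X-Forwarded-For $remote_addr;`, and make sure whatever reads the header downstream trusts only this proxy. The TLS server also relies on build defaults for protocol versions and sends no HSTS; `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000" always;` would make the policy explicit. The two proxy header sets are identical and could live in one included snippet so they do not drift.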