package and document reverse proxy configuration

jums
2025-02-23 08:42:09 +01:00
parent 75fa3ffa18
commit c14c486a35
4 changed files with 241 additions and 2 deletions


@@ -9,7 +9,7 @@ This repository is packaging Inventaire for Docker production environement. To r
- [Requirements](#requirements)
- [Install](#install)
- [Webserver](#webserver)
- [Reverse proxy configuration](#reverse-proxy-configuration)
- [Usage](#usage)
- [Tips](#tips)
- [Fixtures](#fixtures)
@@ -74,7 +74,49 @@ echo "module.exports = {
" > ./inventaire/config/local-production.cjs
```
NB: Those username and password should match the `COUCHDB_USER` and `COUCHDB_PASSWORD` environment variables set in `docker-compose.yml`
## Reverse proxy configuration
Inventaire only provides configuration files for Nginx.
Run dependencies:
```sh
sudo mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets
```
Install nginx and certbot
Copy the nginx configuration template
```sh
PUBLIC_HOSTNAME=$(grep -oP 'PUBLIC_HOSTNAME=\K.*' .env) PROJECT_ROOT=$(grep -oP 'PROJECT_ROOT=\K.*' .env) envsubst < nginx/templates/default.conf.template > nginx/default
sudo mv nginx/default /etc/nginx/sites-available/default
```
Activate the configuration file
```sh
sudo ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf
```
To generate the certificate for your domain as required to make https work, you can use Let's Encrypt:
```sh
sudo systemctl stop nginx
sudo certbot certonly --standalone --post-hook "systemctl restart nginx"
sudo systemctl restart nginx
```
When certbot is done, you may uncomment lines starting with `# ssl_certificate` and `# ssl_certificate_key` in `/etc/nginx/sites-available/default.conf` and restart nginx.
Certbot should have installed a cron to automatically renew your certificate.
Since nginx template supports webroot renewal, we suggest you to update the renewal config file to use the webroot authenticator:
```sh
# Replace authenticator = standalone by authenticator = webroot
# Add webroot_path = /var/www/certbot
sudo vim /etc/letsencrypt/renewal/your-domain.com.conf
```
## Usage
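Review bot: the file names in the copy and activate steps do not match. The template is moved to `/etc/nginx/sites-available/default`, while the `ln -s` line and the later uncomment instruction both use `/etc/nginx/sites-available/default.conf`, so the symlink would point at a file that was never created. Pick one name and use it in all three places, for example `sudo mv nginx/default /etc/nginx/sites-available/default.conf`. In the same step, `envsubst` is called without a variable list, so it replaces every `$name` reference in the template, not only the two that are set; if the template uses nginx's own variables they would be emptied. Restricting it with `envsubst '${PUBLIC_HOSTNAME} ${PROJECT_ROOT}'` avoids that. The "Run dependencies" step creates the resize directories under `/tmp/nginx` with `sudo`: `/tmp` is world-writable and commonly cleared on reboot, so the README should either use a persistent location or say that the step has to be repeated and which user nginx needs to own those directories. The `certbot` line already restarts nginx through `--post-hook`, so the following `sudo systemctl restart nginx` is redundant, and "Install nginx and certbot" is the only step without a command.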