diff --git a/.env.example b/.env.example index 0ef4d2191..90efa8b41 100644 --- a/.env.example +++ b/.env.example @@ -15,12 +15,15 @@ RABBITMQ_USER="plane" RABBITMQ_PASSWORD="plane" RABBITMQ_VHOST="plane" +LISTEN_HTTP_PORT=80 +LISTEN_HTTPS_PORT=443 + # AWS Settings AWS_REGION="" AWS_ACCESS_KEY_ID="access-key" AWS_SECRET_ACCESS_KEY="secret-key" AWS_S3_ENDPOINT_URL="http://plane-minio:9000" -# Changing this requires change in the nginx.conf for uploads if using minio setup +# Changing this requires change in the proxy config for uploads if using minio setup AWS_S3_BUCKET_NAME="uploads" # Maximum file upload limit FILE_SIZE_LIMIT=5242880 @@ -36,8 +39,15 @@ DOCKERIZED=1 # deprecated # set to 1 If using the pre-configured minio setup USE_MINIO=1 -# Nginx Configuration -NGINX_PORT=80 +# If SSL Cert to be generated, set CERT_EMAIl="email " +CERT_ACME_CA=https://acme-v02.api.letsencrypt.org/directory +TRUSTED_PROXIES=0.0.0.0/0 +SITE_ADDRESS=:80 +CERT_EMAIL= + +# For DNS Challenge based certificate generation, set the CERT_ACME_DNS, CERT_EMAIL +# CERT_ACME_DNS="acme_dns " +CERT_ACME_DNS= # Force HTTPS for handling SSL Termination MINIO_ENDPOINT_SSL=0 diff --git a/apps/api/.env.example b/apps/api/.env.example index 7fdffd179..f158e3d7c 100644 --- a/apps/api/.env.example +++ b/apps/api/.env.example @@ -28,7 +28,7 @@ AWS_REGION="" AWS_ACCESS_KEY_ID="access-key" AWS_SECRET_ACCESS_KEY="secret-key" AWS_S3_ENDPOINT_URL="http://localhost:9000" -# Changing this requires change in the nginx.conf for uploads if using minio setup +# Changing this requires change in the proxy config for uploads if using minio setup AWS_S3_BUCKET_NAME="uploads" # Maximum file upload limit FILE_SIZE_LIMIT=5242880 @@ -39,8 +39,7 @@ DOCKERIZED=1 # deprecated # set to 1 If using the pre-configured minio setup USE_MINIO=0 -# Nginx Configuration -NGINX_PORT=80 + # Email redirections and minio domain settings WEB_URL="http://localhost:8000" diff --git a/deployments/cli/community/README.md b/deployments/cli/community/README.md index ba7af0e6c..8cec0f72b 100644 --- a/deployments/cli/community/README.md +++ b/deployments/cli/community/README.md @@ -144,11 +144,11 @@ Again the `options [1-7]` will be popped up, and this time hit `7` to exit. Before proceeding, we suggest used to review `.env` file and set the values. Below are the most import keys you must refer to. _You can use any text editor to edit this file_. -> `NGINX_PORT` - This is default set to `80`. Make sure the port you choose to use is not preoccupied. (e.g `NGINX_PORT=8080`) +> `LISTEN_HTTP_PORT` - This is default set to `80`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_HTTP_PORT=8080`) -> `WEB_URL` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with NGINX_PORT (eg. `https://plane.example.com:8080` or `http://[IP-ADDRESS]:8080`) +> `WEB_URL` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with LISTEN_HTTP_PORT (eg. `https://plane.example.com:8080` or `http://[IP-ADDRESS]:8080`) -> `CORS_ALLOWED_ORIGINS` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with NGINX_PORT (eg. `https://plane.example.com:8080` or `http://[IP-ADDRESS]:8080`) +> `CORS_ALLOWED_ORIGINS` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with LISTEN_HTTP_PORT (eg. `https://plane.example.com:8080` or `http://[IP-ADDRESS]:8080`) There are many other settings you can play with, but we suggest you configure `EMAIL SETTINGS` as it will enable you to invite your teammates onto the platform. diff --git a/deployments/cli/community/build.yml b/deployments/cli/community/build.yml index 4a9d3d11a..f7fc6a545 100644 --- a/deployments/cli/community/build.yml +++ b/deployments/cli/community/build.yml @@ -32,5 +32,5 @@ services: proxy: image: ${DOCKERHUB_USER:-local}/plane-proxy:${APP_RELEASE:-latest} build: - context: ../../nginx - dockerfile: Dockerfile + context: ../../apps/proxy + dockerfile: Dockerfile.ce diff --git a/deployments/cli/community/docker-compose.yml b/deployments/cli/community/docker-compose.yml index 41940ea8a..e9cfce2ff 100644 --- a/deployments/cli/community/docker-compose.yml +++ b/deployments/cli/community/docker-compose.yml @@ -30,8 +30,8 @@ x-proxy-env: &proxy-env CERT_EMAIL: ${CERT_EMAIL} CERT_ACME_CA: ${CERT_ACME_CA} CERT_ACME_DNS: ${CERT_ACME_DNS} - LISTEN_HTTP_PORT: ${LISTEN_PORT:-80} - LISTEN_HTTPS_PORT: ${LISTEN_SSL_PORT:-443} + LISTEN_HTTP_PORT: ${LISTEN_HTTP_PORT:-80} + LISTEN_HTTPS_PORT: ${LISTEN_HTTPS_PORT:-443} BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads} SITE_ADDRESS: ${SITE_ADDRESS:-:80} diff --git a/deployments/cli/community/variables.env b/deployments/cli/community/variables.env index 0edda2a89..66265f9a1 100644 --- a/deployments/cli/community/variables.env +++ b/deployments/cli/community/variables.env @@ -10,8 +10,9 @@ WORKER_REPLICAS=1 BEAT_WORKER_REPLICAS=1 LIVE_REPLICAS=1 -LISTEN_PORT=80 -LISTEN_SSL_PORT=443 +LISTEN_HTTP_PORT=80 +LISTEN_HTTPS_PORT=443 + WEB_URL=http://${APP_DOMAIN} DEBUG=0 CORS_ALLOWED_ORIGINS=http://${APP_DOMAIN} diff --git a/docker-compose-local.yml b/docker-compose-local.yml index ef6642112..2a9b80c46 100644 --- a/docker-compose-local.yml +++ b/docker-compose-local.yml @@ -199,13 +199,14 @@ services: # proxy: # build: - # context: ./nginx - # dockerfile: Dockerfile.dev + # context: ./apps/proxy + # dockerfile: Dockerfile.ce # restart: unless-stopped # networks: # - dev_env # ports: - # - ${NGINX_PORT}:80 + # - ${LISTEN_HTTP_PORT}:80 + # - ${LISTEN_HTTPS_PORT}:443 # env_file: # - .env # environment: diff --git a/docker-compose.yml b/docker-compose.yml index e584ac697..05b1f4fc9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -155,11 +155,12 @@ services: proxy: container_name: proxy build: - context: ./nginx - dockerfile: Dockerfile + context: ./apps/proxy + dockerfile: Dockerfile.ce restart: always ports: - - ${NGINX_PORT}:80 + - ${LISTEN_HTTP_PORT}:80 + - ${LISTEN_HTTPS_PORT}:443 environment: FILE_SIZE_LIMIT: ${FILE_SIZE_LIMIT:-5242880} BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads} diff --git a/nginx/.prettierignore b/nginx/.prettierignore deleted file mode 100644 index 6aea6684d..000000000 --- a/nginx/.prettierignore +++ /dev/null @@ -1 +0,0 @@ -nginx.conf.template \ No newline at end of file diff --git a/nginx/Dockerfile b/nginx/Dockerfile deleted file mode 100644 index b1aef1a20..000000000 --- a/nginx/Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM nginx:1.25.0-alpine - -RUN rm /etc/nginx/conf.d/default.conf -COPY nginx.conf.template /etc/nginx/nginx.conf.template - -COPY ./env.sh /docker-entrypoint.sh - -RUN chmod +x /docker-entrypoint.sh -# Update all environment variables -CMD ["/docker-entrypoint.sh"] diff --git a/nginx/Dockerfile.dev b/nginx/Dockerfile.dev deleted file mode 100644 index 4b90c0dd5..000000000 --- a/nginx/Dockerfile.dev +++ /dev/null @@ -1,10 +0,0 @@ -FROM nginx:1.25.0-alpine - -RUN rm /etc/nginx/conf.d/default.conf -COPY nginx.conf.dev /etc/nginx/nginx.conf.template - -COPY ./env.sh /docker-entrypoint.sh - -RUN chmod +x /docker-entrypoint.sh -# Update all environment variables -CMD ["/docker-entrypoint.sh"] diff --git a/nginx/env.sh b/nginx/env.sh deleted file mode 100644 index dbd59d5b7..000000000 --- a/nginx/env.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -export dollar="$" -export http_upgrade="http_upgrade" -export scheme="scheme" -envsubst < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf -exec nginx -g 'daemon off;' diff --git a/nginx/nginx-single-docker-image.conf b/nginx/nginx-single-docker-image.conf deleted file mode 100644 index a087d4e42..000000000 --- a/nginx/nginx-single-docker-image.conf +++ /dev/null @@ -1,30 +0,0 @@ -upstream plane { - server localhost:80; -} - -error_log /var/log/nginx/error.log; - -server { - listen 80; - root /www/data/; - access_log /var/log/nginx/access.log; - location / { - proxy_pass http://localhost:3000/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - location /api/ { - proxy_pass http://localhost:8000/api/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - location /spaces/ { - proxy_pass http://localhost:4000/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } -} diff --git a/nginx/nginx.conf.dev b/nginx/nginx.conf.dev deleted file mode 100644 index 7b9498210..000000000 --- a/nginx/nginx.conf.dev +++ /dev/null @@ -1,71 +0,0 @@ -events { -} - -http { - sendfile on; - - server { - listen 80; - root /www/data/; - access_log /var/log/nginx/access.log; - - client_max_body_size ${FILE_SIZE_LIMIT}; - - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; - add_header Permissions-Policy "interest-cohort=()" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Forwarded-Proto "${dollar}scheme"; - add_header X-Forwarded-Host "${dollar}host"; - add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; - add_header X-Real-IP "${dollar}remote_addr"; - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://web:3000/; - } - - location /god-mode/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://admin:3001/god-mode/; - } - - location /api/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://api:8000/api/; - } - - location /auth/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://api:8000/auth/; - } - - location /spaces/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://space:3002/spaces/; - } - - location /${BUCKET_NAME} { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://plane-minio:9000/${BUCKET_NAME}; - } - } -} diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template deleted file mode 100644 index 819c00f21..000000000 --- a/nginx/nginx.conf.template +++ /dev/null @@ -1,79 +0,0 @@ -events { -} - -http { - sendfile on; - - server { - listen 80; - root /www/data/; - access_log /var/log/nginx/access.log; - - client_max_body_size ${FILE_SIZE_LIMIT}; - - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; - add_header Permissions-Policy "interest-cohort=()" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Forwarded-Proto "${dollar}scheme"; - add_header X-Forwarded-Host "${dollar}host"; - add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; - add_header X-Real-IP "${dollar}remote_addr"; - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://web:3000/; - } - - location /api/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://api:8000/api/; - } - - location /auth/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://api:8000/auth/; - } - - location /god-mode/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://admin:3000/god-mode/; - } - - location /live/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://live:3000/live/; - } - - location /spaces/ { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://space:3000/spaces/; - } - - location /${BUCKET_NAME} { - proxy_http_version 1.1; - proxy_set_header Upgrade ${dollar}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${dollar}http_host; - proxy_pass http://plane-minio:9000/${BUCKET_NAME}; - } - } -}