Update nginx config

vectornguyen76 · Dec 1, 2023 · cfac329 · cfac329
1 parent 8be7f3d
commit cfac329
Show file tree

Hide file tree

Showing 4 changed files with 145 additions and 19 deletions.
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,22 +1,22 @@
 version: "3"
 services:
-  # triton_server:
-  #   container_name: triton_server
-  #   image: nvcr.io/nvidia/tritonserver:23.01-py3
-  #   ports:
-  #     - 9000:8000
-  #     - 9001:8001
-  #     - 9002:8002
-  #   command: tritonserver --model-repository=/models
-  #   volumes:
-  #     - ./image-search-engine/model_repository:/models
-  #   deploy:
-  #     resources:
-  #       reservations:
-  #         devices:
-  #           - driver: nvidia
-  #             count: 1
-  #             capabilities: [gpu]
+  triton_server:
+    container_name: triton_server
+    image: nvcr.io/nvidia/tritonserver:23.01-py3
+    ports:
+      - 9000:8000
+      - 9001:8001
+      - 9002:8002
+    command: tritonserver --model-repository=/models
+    volumes:
+      - ./image-search-engine/model_repository:/models
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities: [gpu]
 
   qdrant_db:
     container_name: qdrant_db
@@ -117,7 +117,7 @@ services:
     ports:
       - 5000:5000
     volumes:
-      - ./backend/logs/api.log:/app/logs/api.log
+      - ./backend/logs:/app/logs
     depends_on:
       - db_service
 
@@ -135,9 +135,12 @@ services:
     image: nginx:1.25.1-alpine
     ports:
       - 80:80
+      - 443:443
     volumes:
       - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
       - ./nginx/log:/var/log/nginx/
+      - ./nginx/certificates:/etc/nginx/ssl
+      - ./nginx/certificates/bot:/etc/nginx/ssl/bot
     depends_on:
       - frontend_service
       - backend_service

diff --git a/frontend/.env.production b/frontend/.env.production
@@ -1 +1 @@
-NEXT_PUBLIC_API_URL=http://search.vectornguyen.com/backend
+NEXT_PUBLIC_API_URL=https://search.vectornguyen.com/backend
diff --git a/nginx/README.md b/nginx/README.md
@@ -0,0 +1,106 @@
+# Set Up SSL Certificate on Ubuntu Server
+
+This guide provides instructions for setting up an SSL certificate on an Ubuntu Server using Docker, Nginx, and Certbot.
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- Ubuntu Server with sudo privileges
+- Domain name pointing to your server's IP address
+
+## Steps
+
+### 1. Build Docker Image
+
+```bash
+docker compose build
+```
+
+### 2. Update and Upgrade Ubuntu Packages
+
+```bash
+sudo apt-get update
+sudo apt-get upgrade
+```
+
+### 3. Create Directories for Certificates
+
+```bash
+mkdir -p certificates
+mkdir -p certificates/bot
+```
+
+### 4. Initialize Temporary Self-Signed Certificate
+
+Generate a temporary self-signed certificate to ensure Nginx runs initially.
+
+```bash
+cd certificates
+openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout privkey.pem -out fullchain.pem
+cd ..
+```
+
+### 5. Copy Configuration Files to Server
+
+Place your `default.conf` and `docker-compose.yaml` in the project's root directory.
+
+### 6. Start Application
+
+```bash
+docker compose up -d
+```
+
+### 7. Install Certbot
+
+```bash
+sudo apt install certbot
+```
+
+### 8. Generate Let's Encrypt Certificate
+
+Replace `[PATH]` with your certificates directory path and `[DOMAIN_NAME]` with your domain name.
+
+```bash
+sudo certbot certonly --webroot -w [PATH]/certificates/bot -d [DOMAIN_NAME]
+```
+
+Example:
+
+```bash
+sudo certbot certonly --webroot -w /home/ubuntu/search-engine-shopee/nginx/certificates/bot -d search.vectornguyen.com
+```
+
+### 9. Copy Generated Certificates
+
+Copy the Let's Encrypt certificates to your certificates directory.
+
+```bash
+sudo cp /etc/letsencrypt/archive/[DOMAIN_NAME]/fullchain1.pem [PATH]/certificates/fullchain.pem
+sudo cp /etc/letsencrypt/archive/[DOMAIN_NAME]/privkey1.pem [PATH]/certificates/privkey.pem
+```
+
+Example:
+
+```bash
+sudo cp /etc/letsencrypt/archive/search.vectornguyen.com/fullchain1.pem /home/ubuntu/search-engine-shopee/nginx/certificates/fullchain.pem
+sudo cp /etc/letsencrypt/archive/search.vectornguyen.com/privkey1.pem /home/ubuntu/search-engine-shopee/nginx/certificates/privkey.pem
+```
+
+### 10. Restart Microservice Application
+
+```bash
+docker compose restart
+```
+
+### 11. Renew Certificates
+
+Regularly renew certificates close to expiration.
+
+```bash
+sudo certbot renew
+```
+
+## Notes
+
+- Ensure your domain name is correctly configured to point to your server's IP.
+- Regularly check for certificate expiration and renew as needed.
diff --git a/nginx/default.conf b/nginx/default.conf
@@ -7,8 +7,25 @@ upstream backend {
 
 server {
     listen 80;
+    server_name search.vectornguyen.com;
     client_max_body_size 16M;
 
+    location ^~ /.well-known {
+        root /etc/nginx/ssl/bot;
+    }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name search.vectornguyen.com;
+    client_max_body_size 16M;
+
+    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
     location / {
         proxy_pass http://frontend;