From cfac3292e7720975543b35e92aa1427c0ad182a2 Mon Sep 17 00:00:00 2001
From: Vector Nguyen
Date: Fri, 1 Dec 2023 16:22:01 +0000
Subject: [PATCH] Update nginx config
---
 docker-compose.yaml | 39 +++++++-------
 frontend/.env.production | 2 +-
 nginx/README.md | 106 +++++++++++++++++++++++++++++++++++++++
 nginx/default.conf | 17 +++++++
 4 files changed, 145 insertions(+), 19 deletions(-)
 create mode 100644 nginx/README.md
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 7ce316c..f91f1b0 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,22 +1,22 @@
 version: "3"
 services:
- # triton_server:
- # container_name: triton_server
- # image: nvcr.io/nvidia/tritonserver:23.01-py3
- # ports:
- # - 9000:8000
- # - 9001:8001
- # - 9002:8002
- # command: tritonserver --model-repository=/models
- # volumes:
- # - ./image-search-engine/model_repository:/models
- # deploy:
- # resources:
- # reservations:
- # devices:
- # - driver: nvidia
- # count: 1
- # capabilities: [gpu]
+ triton_server:
+ container_name: triton_server
+ image: nvcr.io/nvidia/tritonserver:23.01-py3
+ ports:
+ - 9000:8000
+ - 9001:8001
+ - 9002:8002
+ command: tritonserver --model-repository=/models
+ volumes:
+ - ./image-search-engine/model_repository:/models
+ deploy:
+ resources:
+ reservations:
+ devices:
+ - driver: nvidia
+ count: 1
+ capabilities: [gpu]
 qdrant_db:
 container_name: qdrant_db
@@ -117,7 +117,7 @@ services:
 ports:
 - 5000:5000
 volumes:
- - ./backend/logs/api.log:/app/logs/api.log
+ - ./backend/logs:/app/logs
 depends_on:
 - db_service
@@ -135,9 +135,12 @@ services:
 image: nginx:1.25.1-alpine
 ports:
 - 80:80
+ - 443:443
 volumes:
 - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
 - ./nginx/log:/var/log/nginx/
+ - ./nginx/certificates:/etc/nginx/ssl
+ - ./nginx/certificates/bot:/etc/nginx/ssl/bot
 depends_on:
 - frontend_service
 - backend_service
diff --git a/frontend/.env.production b/frontend/.env.production
index 01aa1bb..2d6de29 100644
--- a/frontend/.env.production
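Review bot: The three `ports:` entries on the re-enabled `triton_server` service publish Triton's HTTP, gRPC and metrics listeners (8000-8002) on every host interface, and nothing in this hunk restricts who can reach them. Triton's inference endpoints carry no authentication by default, so on a host that also opens 80/443 to the internet they are better bound to loopback, e.g. `- "127.0.0.1:9000:8000"`, or dropped in favour of the compose network if only the backend container calls Triton (the caller is not visible in this hunk). Mounting the model repository read-only, `- ./image-search-engine/model_repository:/models:ro`, would also stop the inference container from rewriting models on the host, provided nothing writes to that path at runtime.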
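Review bot: The new `./nginx/certificates:/etc/nginx/ssl` mount on the nginx service is read-write, and per the README added in this patch that directory holds `privkey.pem`; nginx only needs to read it, so `- ./nginx/certificates:/etc/nginx/ssl:ro` is the safer form. The second mount of `./nginx/certificates/bot` is already covered by the first, and it puts the ACME webroot inside the directory that stores the private key, so a later change to the `root` of the `/.well-known` location could end up serving the key over plain HTTP. A dedicated webroot directory outside `certificates/`, mounted on its own path with the `root` in nginx/default.conf updated to match, removes that coupling.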
+++ b/frontend/.env.production
@@ -1 +1 @@
-NEXT_PUBLIC_API_URL=http://search.vectornguyen.com/backend
+NEXT_PUBLIC_API_URL=https://search.vectornguyen.com/backend
diff --git a/nginx/README.md b/nginx/README.md
new file mode 100644
index 0000000..162c0ff
--- /dev/null
+++ b/nginx/README.md
@@ -0,0 +1,106 @@
+# Set Up SSL Certificate on Ubuntu Server
+
+This guide provides instructions for setting up an SSL certificate on an Ubuntu Server using Docker, Nginx, and Certbot.
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- Ubuntu Server with sudo privileges
+- Domain name pointing to your server's IP address
+
+## Steps
+
+### 1. Build Docker Image
+
+```bash
+docker compose build
+```
+
+### 2. Update and Upgrade Ubuntu Packages
+
+```bash
+sudo apt-get update
+sudo apt-get upgrade
+```
+
+### 3. Create Directories for Certificates
+
+```bash
+mkdir -p certificates
+mkdir -p certificates/bot
+```
+
+### 4. Initialize Temporary Self-Signed Certificate
+
+Generate a temporary self-signed certificate to ensure Nginx runs initially.
+
+```bash
+cd certificates
+openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout privkey.pem -out fullchain.pem
+cd ..
+```
+
+### 5. Copy Configuration Files to Server
+
+Place your `default.conf` and `docker-compose.yaml` in the project's root directory.
+
+### 6. Start Application
+
+```bash
+docker compose up -d
+```
+
+### 7. Install Certbot
+
+```bash
+sudo apt install certbot
+```
+
+### 8. Generate Let's Encrypt Certificate
+
+Replace `[PATH]` with your certificates directory path and `[DOMAIN_NAME]` with your domain name.
+
+```bash
+sudo certbot certonly --webroot -w [PATH]/certificates/bot -d [DOMAIN_NAME]
+```
+
+Example:
+
+```bash
+sudo certbot certonly --webroot -w /home/ubuntu/search-engine-shopee/nginx/certificates/bot -d search.vectornguyen.com
+```
+
+### 9. Copy Generated Certificates
+
+Copy the Let's Encrypt certificates to your certificates directory.
+
+```bash
+sudo cp /etc/letsencrypt/archive/[DOMAIN_NAME]/fullchain1.pem [PATH]/certificates/fullchain.pem
+sudo cp /etc/letsencrypt/archive/[DOMAIN_NAME]/privkey1.pem [PATH]/certificates/privkey.pem
+```
+
+Example:
+
+```bash
+sudo cp /etc/letsencrypt/archive/search.vectornguyen.com/fullchain1.pem /home/ubuntu/search-engine-shopee/nginx/certificates/fullchain.pem
+sudo cp /etc/letsencrypt/archive/search.vectornguyen.com/privkey1.pem /home/ubuntu/search-engine-shopee/nginx/certificates/privkey.pem
+```
+
+### 10. Restart Microservice Application
+
+```bash
+docker compose restart
+```
+
+### 11. Renew Certificates
+
+Regularly renew certificates close to expiration.
+
+```bash
+sudo certbot renew
+```
+
+## Notes
+
+- Ensure your domain name is correctly configured to point to your server's IP.
+- Regularly check for certificate expiration and renew as needed.
diff --git a/nginx/default.conf b/nginx/default.conf
index f5a536a..8e15aba 100644
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -7,8 +7,25 @@ upstream backend { server { listen 80; + server_name search.vectornguyen.com; client_max_body_size 16M; + location ^~ /.well-known { + root /etc/nginx/ssl/bot; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name search.vectornguyen.com; + client_max_body_size 16M; + + ssl_certificate /etc/nginx/ssl/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/privkey.pem; + location / { proxy_pass http://frontend;