From 85d42f3908fa1d4403b83f1ab8ca8ec48dfd73bf Mon Sep 17 00:00:00 2001 From: Mohamed Marrouchi Date: Fri, 13 Sep 2024 08:22:05 +0100 Subject: [PATCH] refactor: nginx --- api/src/config/index.ts | 2 +- .../channels/offline/__test__/events.mock.ts | 2 +- docker/.env.example | 29 ++-- docker/docker-compose.nginx.dev.yml | 2 +- docker/docker-compose.nginx.prod.yml | 2 +- docker/docker-compose.nginx.yml | 4 +- docker/init-letsencrypt.sh | 6 +- .../{default.conf => default.conf.template} | 8 +- docker/nginx/secure/fastcgi.conf | 20 --- docker/nginx/secure/mime.types | 139 ------------------ docker/nginx/secure/nginx.conf | 39 ----- .../{default.conf => default.conf.template} | 2 +- docker/nginx/unsecure/fastcgi.conf | 20 --- docker/nginx/unsecure/mime.types | 139 ------------------ docker/nginx/unsecure/nginx.conf | 39 ----- 15 files changed, 31 insertions(+), 422 deletions(-) rename docker/nginx/secure/{default.conf => default.conf.template} (90%) delete mode 100644 docker/nginx/secure/fastcgi.conf delete mode 100644 docker/nginx/secure/mime.types delete mode 100644 docker/nginx/secure/nginx.conf rename docker/nginx/unsecure/{default.conf => default.conf.template} (98%) delete mode 100644 docker/nginx/unsecure/fastcgi.conf delete mode 100644 docker/nginx/unsecure/mime.types delete mode 100644 docker/nginx/unsecure/nginx.conf diff --git a/api/src/config/index.ts b/api/src/config/index.ts index 8a6e7fb9..fd1337ee 100644 --- a/api/src/config/index.ts +++ b/api/src/config/index.ts @@ -121,7 +121,7 @@ export const config: Config = { email: { main: 'postmaster@sandbox9471202ff10448c7ac917618fe94d8e1.mailgun.org', }, - appName: 'Hexabot.io', + appName: 'Hexabot.ai', apiUrl: 'http://localhost:4000', appUrl: 'http://localhost:8081', geocoder: { diff --git a/api/src/extensions/channels/offline/__test__/events.mock.ts b/api/src/extensions/channels/offline/__test__/events.mock.ts index 5dc206c0..0c17c73e 100644 --- a/api/src/extensions/channels/offline/__test__/events.mock.ts 
+++ b/api/src/extensions/channels/offline/__test__/events.mock.ts @@ -16,7 +16,7 @@ import { import { Offline } from '../types'; const img_url = - 'http://demo.hexabot.io/attachment/download/5c334078e2c41d11206bd152/myimage.png'; + 'http://demo.hexabot.ai/attachment/download/5c334078e2c41d11206bd152/myimage.png'; // Offline events const offlineEventPayload: Offline.Event = { diff --git a/docker/.env.example b/docker/.env.example index 94311370..33347086 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -1,15 +1,12 @@ # API & Common NODE_ENV=dev +APP_DOMAIN=localhost +SSL_EMAIL=hello@hexabot.ai API_PORT=4000 -APP_MONGO_EXPRESS_PORT=9000 -APP_SMTP_4_DEV_PORT=9002 APP_SCRIPT_COMPODOC_PORT=9003 -API_ORIGIN=http://localhost:4000 -FRONTEND_ORIGIN=http://localhost:8080,http://localhost:8081,http://localhost:5173,http://localhost,http://localhost/*,* -MONGO_USER=dev_only -MONGO_PASSWORD=dev_only -MONGO_URI=mongodb://dev_only:dev_only@mongo:27017/ -MONGO_DB=hexabot +NEXT_PUBLIC_API_ORIGIN=http://${APP_DOMAIN}:${API_PORT} +API_ORIGIN=http://${APP_DOMAIN}:${API_PORT} +FRONTEND_ORIGIN=http://${APP_DOMAIN}:8080,http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},http://${APP_DOMAIN}/*,* JWT_SECRET=dev_only JWT_EXPIRES_IN=60 SALT_LENGTH=12 @@ -25,12 +22,22 @@ PASSWORD_RESET_EXPIRES_IN=1h CONFIRM_ACCOUNT_SECRET=dev_only CONFIRM_ACCOUNT_EXPIRES_IN=1h FRONTEND_DOCKER_IMAGE=linuxtry +I18N_TRANSLATION_FILENAME=messages + +# Mongo configs +APP_MONGO_EXPRESS_PORT=9000 +MONGO_USER=dev_only +MONGO_PASSWORD=dev_only +MONGO_URI=mongodb://dev_only:dev_only@mongo:27017/ +MONGO_DB=hexabot + +# SMTP Config for local dev env +APP_SMTP_4_DEV_PORT=9002 EMAIL_SMTP_HOST=smtp4dev EMAIL_SMTP_PORT=25 EMAIL_SMTP_SECURE=false EMAIL_SMTP_USER=dev_only EMAIL_SMTP_PASS=dev_only -I18N_TRANSLATION_FILENAME=messages # NLU Server AUTH_TOKEN=token123 
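Review bot: `FRONTEND_ORIGIN` in docker/.env.example still ends with the entries `http://${APP_DOMAIN}/*` and a bare `*`, so rewriting the other entries in terms of `APP_DOMAIN` narrows nothing. If this list is what the API uses as its allowed-origins list, which the name suggests but the hunk does not show, the wildcard admits every origin. The same `.env` is now also loaded by the nginx service that the production compose file extends. I would drop the two wildcard entries from the example and add a comment above the line, `# Comma-separated list of exact origins allowed to call the API; never use * outside local development`.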
@@ -42,11 +49,11 @@ NLP_PORT=5000 # Frontend (Next.js) APP_FRONTEND_PORT=8080 -NEXT_PUBLIC_API_ORIGIN=http://localhost:4000/ +NEXT_PUBLIC_API_ORIGIN=http://${APP_DOMAIN}:4000/ NEXT_PUBLIC_SSO_ENABLED=false # Widget APP_WIDGET_PORT=5173 -REACT_APP_WIDGET_API_URL=http://localhost:4000 +REACT_APP_WIDGET_API_URL=http://${APP_DOMAIN}:4000 REACT_APP_WIDGET_CHANNEL=offline REACT_APP_WIDGET_TOKEN=token123 diff --git a/docker/docker-compose.nginx.dev.yml b/docker/docker-compose.nginx.dev.yml index 0fcb0c91..43084eb1 100644 --- a/docker/docker-compose.nginx.dev.yml +++ b/docker/docker-compose.nginx.dev.yml @@ -4,5 +4,5 @@ services: nginx: container_name: nginx volumes: - - ./nginx/unsecure/:/etc/nginx:ro + - ./nginx/unsecure/:/etc/nginx/templates/ - /etc/localtime:/etc/localtime:ro diff --git a/docker/docker-compose.nginx.prod.yml b/docker/docker-compose.nginx.prod.yml index 0f894745..aa158bfd 100644 --- a/docker/docker-compose.nginx.prod.yml +++ b/docker/docker-compose.nginx.prod.yml @@ -4,7 +4,7 @@ services: nginx: container_name: nginx volumes: - - ./nginx/secure/:/etc/nginx:ro + - ./nginx/secure/:/etc/nginx/templates/ - /etc/localtime:/etc/localtime:ro - ./nginx/certbot/conf:/etc/letsencrypt - ./nginx/certbot/www:/var/www/certbot diff --git a/docker/docker-compose.nginx.yml b/docker/docker-compose.nginx.yml index 59196917..508847d0 100644 --- a/docker/docker-compose.nginx.yml +++ b/docker/docker-compose.nginx.yml @@ -5,14 +5,12 @@ services: container_name: nginx image: nginx:latest restart: unless-stopped + env_file: .env networks: - app-network ports: - 80:80 - 443:443 - volumes: - - ./nginx/unsecure/:/etc/nginx:ro - - /etc/localtime:/etc/localtime:ro depends_on: - api - hexabot-frontend diff --git a/docker/init-letsencrypt.sh b/docker/init-letsencrypt.sh index 1f315014..126d9305 100755 --- a/docker/init-letsencrypt.sh +++ b/docker/init-letsencrypt.sh 
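Review bot: `NEXT_PUBLIC_API_ORIGIN` is now defined twice in docker/.env.example with different values. The first hunk adds `NEXT_PUBLIC_API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}` under "API & Common", and this hunk keeps a second definition, `http://${APP_DOMAIN}:4000/`, with a hard-coded port and a trailing slash. Which one wins depends on the loader, so changing `API_PORT` can leave the frontend pointing at the wrong origin. Keep a single definition, and use the port variable for the widget too: `REACT_APP_WIDGET_API_URL=http://${APP_DOMAIN}:${API_PORT}`.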
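Review bot: The template mount in docker-compose.nginx.dev.yml drops the `:ro` flag that the old `/etc/nginx` mount carried, and docker-compose.nginx.prod.yml does the same. The nginx image only reads `/etc/nginx/templates/` and writes the rendered files elsewhere (`/etc/nginx/conf.d` by default), so the host directory can stay read-only: `- ./nginx/unsecure/:/etc/nginx/templates/:ro` and `- ./nginx/secure/:/etc/nginx/templates/:ro`. That keeps a compromised or misbehaving proxy container from rewriting the configuration source on the host.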
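Review bot: `env_file: .env` in docker-compose.nginx.yml hands the whole application environment to the nginx container. Going by .env.example that includes `JWT_SECRET`, `MONGO_PASSWORD`, `MONGO_URI` and the SMTP credentials, while the templates in this commit reference only `APP_DOMAIN`. Pass just what the proxy needs, for example an `environment:` key with the single entry `- APP_DOMAIN=${APP_DOMAIN}`, so the internet-facing container holds no backend secrets. The `/etc/nginx/templates` mechanism also depends on the image version, so replacing `image: nginx:latest` with a pinned tag would make that dependency explicit.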
@@ -10,11 +10,11 @@ if ! [ -x "$(command -v docker compose)" ]; then exit 1 fi -domains=(demo.hexabot.io) +domains=(${APP_DOMAIN:-example.hexabot.ai}) rsa_key_size=4096 data_path="./nginx/certbot" -email="contact@hexastack.com" # Adding a valid address is strongly recommended -staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits +email="${SSL_EMAIL:-hello@hexabot.ai}" # Adding a valid address is strongly recommended +staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits if [ -d "$data_path" ]; then read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision diff --git a/docker/nginx/secure/default.conf b/docker/nginx/secure/default.conf.template similarity index 90% rename from docker/nginx/secure/default.conf rename to docker/nginx/secure/default.conf.template index 0b0c6d05..1ea790c7 100644 --- a/docker/nginx/secure/default.conf +++ b/docker/nginx/secure/default.conf.template @@ -1,6 +1,6 @@ server { listen 80; - server_name demo.hexabot.io; + server_name $APP_DOMAIN; location / { return 301 https://$host$request_uri; @@ -13,12 +13,12 @@ server { server { listen 443 ssl; - server_name demo.hexabot.io; + server_name $APP_DOMAIN; server_tokens off; client_max_body_size 20M; - ssl_certificate /etc/letsencrypt/live/demo.hexabot.io/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/demo.hexabot.io/privkey.pem; + ssl_certificate /etc/letsencrypt/live/$APP_DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$APP_DOMAIN/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; diff --git a/docker/nginx/secure/fastcgi.conf b/docker/nginx/secure/fastcgi.conf deleted file mode 100644 index 1384fae3..00000000 --- a/docker/nginx/secure/fastcgi.conf +++ /dev/null 
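Review bot: `domains=(${APP_DOMAIN:-example.hexabot.ai})` in docker/init-letsencrypt.sh falls back silently to a placeholder domain, and `email` falls back to the project's own address, so a run with the variables unset requests a certificate for the wrong name and registers the wrong contact. Nothing in the hunk shows the script loading `.env`, so the variables may be unset when it is started from a plain shell; the rest of the script is outside the hunk. Failing fast is safer: put `: "${APP_DOMAIN:?APP_DOMAIN must be set}"` and `: "${SSL_EMAIL:?SSL_EMAIL must be set}"` before the assignments. The expansion inside the array is also unquoted, so it is word-split and glob-expanded; if a space-separated list of domains is intended, say so in a comment, otherwise write `domains=("$APP_DOMAIN")`.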
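Review bot: With docker/nginx/secure/nginx.conf deleted in this commit, the rendered `default.conf` is the only project configuration nginx loads, and neither hunk of docker/nginx/secure/default.conf.template re-adds the limits from the old "NGINX security" block (`client_header_timeout 12;`, `client_body_timeout 12;`, `send_timeout 10;`, `proxy_hide_header X-Powered-By;`). Unless the part of the template outside these hunks sets them, the proxy now runs with the image defaults; the same holds for the unsecure template. These directives are valid at `server` level and can sit next to `client_max_body_size 20M;`. Now that the domain is templated, the port-80 redirect could use it as well, `return 301 https://${APP_DOMAIN}$request_uri;`, so the redirect target no longer echoes the client-supplied Host header.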
@@ -1,20 +0,0 @@
-fastcgi_param CONTENT_LENGTH $content_length;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REDIRECT_STATUS 200;
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_NAME $server_name;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_index index.php;
\ No newline at end of file
diff --git a/docker/nginx/secure/mime.types b/docker/nginx/secure/mime.types
deleted file mode 100644
index 03dde448..00000000
--- a/docker/nginx/secure/mime.types
+++ /dev/null
@@ -1,139 +0,0 @@ -types { - - # Data interchange - - application/atom+xml atom; - application/json json map topojson; - application/ld+json jsonld; - application/rss+xml rss; - # Normalize to standard type. - # https://tools.ietf.org/html/rfc7946#section-12 - application/geo+json geojson; - application/xml xml; - # Normalize to standard type. - # https://tools.ietf.org/html/rfc3870#section-2 - application/rdf+xml rdf; - - - # JavaScript - - # Servers should use text/javascript for JavaScript resources. - # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages - text/javascript js mjs; - application/wasm wasm; - - - # Manifest files - - application/manifest+json webmanifest; - application/x-web-app-manifest+json webapp; - text/cache-manifest appcache; - - - # Media files - - audio/midi mid midi kar; - audio/mp4 aac f4a f4b m4a; - audio/mpeg mp3; - audio/ogg oga ogg opus; - audio/x-realaudio ra; - audio/x-wav wav; - image/apng apng; - image/avif avif avifs; - image/bmp bmp; - image/gif gif; - image/jpeg jpeg jpg; - image/jxl jxl; - image/jxr jxr hdp wdp; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-jng jng; - video/3gpp 3gp 3gpp; - video/mp4 f4p f4v m4v mp4; - video/mpeg mpeg mpg; - video/ogg ogv; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-mng mng; - video/x-ms-asf asf asx; - video/x-msvideo avi; - - # Serving `.ico` image files with a different media type - # prevents Internet Explorer from displaying then as images: - # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee - - image/x-icon cur ico; - - - # Microsoft Office - - application/msword doc; - application/vnd.ms-excel xls; - application/vnd.ms-powerpoint ppt; - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - - - # Web fonts - - font/woff woff; - font/woff2 woff2; - application/vnd.ms-fontobject eot; - font/ttf ttf; - font/collection ttc; - font/otf otf; - - - # Other - - application/java-archive ear jar war; - application/mac-binhex40 hqx; - application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz; - application/pdf pdf; - application/postscript ai eps ps; - application/rtf rtf; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.wap.wmlc wmlc; - application/x-7z-compressed 7z; - application/x-bb-appworld bbaw; - application/x-bittorrent torrent; - application/x-chrome-extension crx; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-opera-extension oex; - application/x-perl pl pm; - application/x-pilot pdb prc; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert crt der pem; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xslt+xml xsl; - application/zip zip; - text/calendar ics; - text/css css; - text/csv csv; - text/html htm html shtml; - text/markdown md markdown; - text/mathml mml; - text/plain txt; - text/vcard vcard vcf; - text/vnd.rim.location.xloc xloc; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/vtt vtt; - text/x-component htc; - -} diff --git a/docker/nginx/secure/nginx.conf b/docker/nginx/secure/nginx.conf deleted file mode 100644 index 2fc0b0a0..00000000 --- a/docker/nginx/secure/nginx.conf +++ /dev/null 
@@ -1,39 +0,0 @@ -worker_processes 1; -user root; - -error_log /dev/stdout info; - -events { - worker_connections 1024; -} - -http { -############# NGINX conf - include /etc/nginx/mime.types; - include /etc/nginx/fastcgi.conf; - proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off; - - error_log /dev/stdout info; - - sendfile on; - tcp_nopush on; - server_names_hash_bucket_size 128; - -############## Let NGINX see client real IPs - real_ip_header X-Forwarded-For; - -############## NGINX security - client_body_buffer_size 10K; - client_body_timeout 12; - client_header_buffer_size 1k; - client_header_timeout 12; - client_max_body_size 8M; - keepalive_timeout 15; - large_client_header_buffers 4 8k; - proxy_hide_header X-Powered-By; - send_timeout 10; - server_tokens off; - -############# Custom conf - include /etc/nginx/default.conf; -} diff --git a/docker/nginx/unsecure/default.conf b/docker/nginx/unsecure/default.conf.template similarity index 98% rename from docker/nginx/unsecure/default.conf rename to docker/nginx/unsecure/default.conf.template index d9ec4453..97843f0d 100644 --- a/docker/nginx/unsecure/default.conf +++ b/docker/nginx/unsecure/default.conf.template @@ -1,6 +1,6 @@ server { listen 80; - server_name localhost; + server_name $APP_DOMAIN; server_tokens off; client_max_body_size 20M; diff --git a/docker/nginx/unsecure/fastcgi.conf b/docker/nginx/unsecure/fastcgi.conf deleted file mode 100644 index 1384fae3..00000000 --- a/docker/nginx/unsecure/fastcgi.conf +++ /dev/null 
@@ -1,20 +0,0 @@
-fastcgi_param CONTENT_LENGTH $content_length;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REDIRECT_STATUS 200;
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_NAME $server_name;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_index index.php;
\ No newline at end of file
diff --git a/docker/nginx/unsecure/mime.types b/docker/nginx/unsecure/mime.types
deleted file mode 100644
index 03dde448..00000000
--- a/docker/nginx/unsecure/mime.types
+++ /dev/null
@@ -1,139 +0,0 @@ -types { - - # Data interchange - - application/atom+xml atom; - application/json json map topojson; - application/ld+json jsonld; - application/rss+xml rss; - # Normalize to standard type. - # https://tools.ietf.org/html/rfc7946#section-12 - application/geo+json geojson; - application/xml xml; - # Normalize to standard type. - # https://tools.ietf.org/html/rfc3870#section-2 - application/rdf+xml rdf; - - - # JavaScript - - # Servers should use text/javascript for JavaScript resources. - # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages - text/javascript js mjs; - application/wasm wasm; - - - # Manifest files - - application/manifest+json webmanifest; - application/x-web-app-manifest+json webapp; - text/cache-manifest appcache; - - - # Media files - - audio/midi mid midi kar; - audio/mp4 aac f4a f4b m4a; - audio/mpeg mp3; - audio/ogg oga ogg opus; - audio/x-realaudio ra; - audio/x-wav wav; - image/apng apng; - image/avif avif avifs; - image/bmp bmp; - image/gif gif; - image/jpeg jpeg jpg; - image/jxl jxl; - image/jxr jxr hdp wdp; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-jng jng; - video/3gpp 3gp 3gpp; - video/mp4 f4p f4v m4v mp4; - video/mpeg mpeg mpg; - video/ogg ogv; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-mng mng; - video/x-ms-asf asf asx; - video/x-msvideo avi; - - # Serving `.ico` image files with a different media type - # prevents Internet Explorer from displaying then as images: - # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee - - image/x-icon cur ico; - - - # Microsoft Office - - application/msword doc; - application/vnd.ms-excel xls; - application/vnd.ms-powerpoint ppt; - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - - - # Web fonts - - font/woff woff; - font/woff2 woff2; - application/vnd.ms-fontobject eot; - font/ttf ttf; - font/collection ttc; - font/otf otf; - - - # Other - - application/java-archive ear jar war; - application/mac-binhex40 hqx; - application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz; - application/pdf pdf; - application/postscript ai eps ps; - application/rtf rtf; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.wap.wmlc wmlc; - application/x-7z-compressed 7z; - application/x-bb-appworld bbaw; - application/x-bittorrent torrent; - application/x-chrome-extension crx; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-opera-extension oex; - application/x-perl pl pm; - application/x-pilot pdb prc; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert crt der pem; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xslt+xml xsl; - application/zip zip; - text/calendar ics; - text/css css; - text/csv csv; - text/html htm html shtml; - text/markdown md markdown; - text/mathml mml; - text/plain txt; - text/vcard vcard vcf; - text/vnd.rim.location.xloc xloc; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/vtt vtt; - text/x-component htc; - -} diff --git a/docker/nginx/unsecure/nginx.conf b/docker/nginx/unsecure/nginx.conf deleted file mode 100644 index 2fc0b0a0..00000000 --- a/docker/nginx/unsecure/nginx.conf +++ /dev/null 
@@ -1,39 +0,0 @@
-worker_processes 1;
-user root;
-
-error_log /dev/stdout info;
-
-events {
- worker_connections 1024;
-}
-
-http {
-############# NGINX conf
- include /etc/nginx/mime.types;
- include /etc/nginx/fastcgi.conf;
- proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
-
- error_log /dev/stdout info;
-
- sendfile on;
- tcp_nopush on;
- server_names_hash_bucket_size 128;
-
-############## Let NGINX see client real IPs
- real_ip_header X-Forwarded-For;
-
-############## NGINX security
- client_body_buffer_size 10K;
- client_body_timeout 12;
- client_header_buffer_size 1k;
- client_header_timeout 12;
- client_max_body_size 8M;
- keepalive_timeout 15;
- large_client_header_buffers 4 8k;
- proxy_hide_header X-Powered-By;
- send_timeout 10;
- server_tokens off;
-
-############# Custom conf
- include /etc/nginx/default.conf;
-}