Merge pull request #1220 from gradido/new_deployment

new_deployment
This commit is contained in:
Ulf Gebhardt 2022-01-13 09:31:43 +01:00 committed by GitHub
commit c50f886d6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
60 changed files with 1048 additions and 515 deletions


@ -248,7 +248,7 @@ jobs:
##########################################################################
- name: Nginx | Build `production` image
run: |
docker build -t "gradido/nginx:latest" -t "gradido/nginx:production" -t "gradido/nginx:${VERSION}" -t "gradido/nginx:${BUILD_VERSION}" -f ./nginx/Dockerfile ./
docker build -t "gradido/nginx:latest" -t "gradido/nginx:production" -t "gradido/nginx:${VERSION}" -t "gradido/nginx:${BUILD_VERSION}" nginx/
docker save "gradido/nginx" > /tmp/nginx.tar
- name: Upload Artifact
uses: actions/upload-artifact@v2


@ -199,7 +199,7 @@ jobs:
##########################################################################
- name: nginx | Build `test` image
run: |
docker build -t "gradido/nginx:test" -f ./nginx/Dockerfile ./
docker build -t "gradido/nginx:test" nginx/
docker save "gradido/nginx:test" > /tmp/nginx.tar
- name: Upload Artifact
uses: actions/upload-artifact@v2

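--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,7 @@ nbproject
 .metadata
 /.env
 package-lock.json
+/deployment/bare_metal/.env
+/deployment/bare_metal/nginx/sites-available/gradido.conf
+/deployment/bare_metal/nginx/sites-available/update-page.conf
+/deployment/bare_metal/nginx/update-page/updating.html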


@ -67,7 +67,7 @@ We are currently restructuring the service to reduce dependencies and unify busi
### Open the wallet
Once you have `docker-compose` up and running, you can open [http://localhost/vue](http://localhost/vue) and create yourself a new wallet account.
Once you have `docker-compose` up and running, you can open [http://localhost/](http://localhost/) and create yourself a new wallet account.
## How to release
@ -90,7 +90,7 @@ Note: The Changelog will be regenerated with all tags on release on the external
| Problem | Issue | Solution | Description |
| ------- | ----- | -------- | ----------- |
| docker-compose raises database connection errors | [#1062](https://github.com/gradido/gradido/issues/1062) | End `ctrl+c` and restart the `docker-compose up` after a successful build | Several Database connection related errors occur in the docker-compose log. |
| Wallet page is empty | [#1063](https://github.com/gradido/gradido/issues/1063) | Accept Cookies and Local Storage in your Browser | The page stays empty when navigating to [http://localhost/vue](http://localhost/vue) |
| Wallet page is empty | [#1063](https://github.com/gradido/gradido/issues/1063) | Accept Cookies and Local Storage in your Browser | The page stays empty when navigating to [http://localhost/](http://localhost/) |
## Useful Links


@ -1,4 +1,4 @@
GRAPHQL_URI=http://localhost:4000/graphql
WALLET_AUTH_URL=http://localhost/vue/authenticate?token=$1
WALLET_URL=http://localhost/vue/login
WALLET_AUTH_URL=http://localhost/authenticate?token=$1
WALLET_URL=http://localhost/login
DEBUG_DISABLE_AUTH=false


@ -33,6 +33,7 @@
"core-js": "^3.6.5",
"dotenv-webpack": "^7.0.3",
"graphql": "^15.6.1",
"express": "^4.17.1",
"identity-obj-proxy": "^3.0.0",
"jest": "26.6.3",
"moment": "^2.29.1",


@ -1,15 +1,21 @@
// Imports
const express = require('express')
const serveStatic = require('serve-static')
const path = require('path')
// Port
// Host & Port
const hostname = '127.0.0.1'
const port = process.env.PORT || 8080
// Express Server
const app = express()
// eslint-disable-next-line node/no-path-concat
app.use(serveStatic(__dirname + '/../dist'))
app.listen(port)
// Serve files
app.use(express.static(path.join(__dirname, '../dist')))
// Default to index.html
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname, '../dist/index.html'))
})
// eslint-disable-next-line no-console
console.log(`http://admin:${port} server started.`)
app.listen(port, hostname, () => {
// eslint-disable-next-line no-console
console.log('Listening at http://%s:%s/', hostname, port)
})
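Review bot: The bind address is a hard-coded `'127.0.0.1'`, which is the right default for the bare-metal layout (nginx proxies to 127.0.0.1:8080) but makes the admin server unreachable from another container if this script is also used under docker-compose; `const hostname = process.env.HOST || '127.0.0.1'` keeps the loopback default while letting a deployment opt out. The `app.get('*', ...)` fallback also answers a 200 with index.html for a mistyped asset path such as `/foo.js` (express.static passes it through when the file is missing), which hides build and path problems; a comment on that route, e.g. `// SPA fallback: unknown paths get index.html so the client-side router can handle them`, would at least make that intentional. If the `require('serve-static')` line survived the change (the rendering hides which lines were removed), it is now unused and can go.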


@ -63,7 +63,7 @@ describe('NavBar', () => {
})
it('redirects to /logout', () => {
expect(windowLocationMock).toBeCalledWith('http://localhost/vue/login')
expect(windowLocationMock).toBeCalledWith('http://localhost/login')
})
it('dispatches logout to store', () => {


@ -19,8 +19,8 @@ const environment = {
const endpoints = {
GRAPHQL_URI: process.env.GRAPHQL_URI || 'http://localhost:4000/graphql',
WALLET_AUTH_URL: process.env.WALLET_AUTH_URL || 'http://localhost/vue/authenticate?token=$1',
WALLET_URL: process.env.WALLET_URL || 'http://localhost/vue/login',
WALLET_AUTH_URL: process.env.WALLET_AUTH_URL || 'http://localhost/authenticate?token=$1',
WALLET_URL: process.env.WALLET_URL || 'http://localhost/login',
}
const debug = {


@ -19,7 +19,7 @@ DB_DATABASE=gradido_community
#RESEND_TIME=
RESEND_TIME=10
#EMAIL_LINK_VERIFICATION=http://localhost/vue/checkEmail/$1
#EMAIL_LINK_VERIFICATION=http://localhost/checkEmail/$1
#KLICKTIPP_USER=
#KLICKTIPP_PASSWORD=


@ -21,7 +21,6 @@
"apollo-server-express": "^2.25.2",
"apollo-server-testing": "^2.25.2",
"axios": "^0.21.1",
"body-parser": "^1.19.0",
"class-validator": "^0.13.1",
"cors": "^2.8.5",
"dotenv": "^10.0.0",


@ -31,8 +31,8 @@ const klicktipp = {
const community = {
COMMUNITY_NAME: process.env.COMMUNITY_NAME || 'Gradido Entwicklung',
COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/vue/',
COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/vue/register',
COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/',
COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/register',
COMMUNITY_DESCRIPTION:
process.env.COMMUNITY_DESCRIPTION || 'Die lokale Entwicklungsumgebung von Gradido.',
}
@ -50,13 +50,13 @@ const email = {
EMAIL_PASSWORD: process.env.EMAIL_PASSWORD || 'xxx',
EMAIL_SMTP_URL: process.env.EMAIL_SMTP_URL || 'gmail.com',
EMAIL_SMTP_PORT: process.env.EMAIL_SMTP_PORT || '587',
EMAIL_LINK_VERIFICATION:
process.env.EMAIL_LINK_VERIFICATION || 'http://localhost/vue/checkEmail/$1',
EMAIL_LINK_SETPASSWORD: process.env.EMAIL_LINK_SETPASSWORD || 'http://localhost/vue/reset/$1',
EMAIL_LINK_VERIFICATION: process.env.EMAIL_LINK_VERIFICATION || 'http://localhost/checkEmail/$1',
EMAIL_LINK_SETPASSWORD: process.env.EMAIL_LINK_SETPASSWORD || 'http://localhost/reset/$1',
RESEND_TIME: isNaN(resendTime) ? 10 : resendTime,
}
const webhook = {
// Elopage
WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret',
}


@ -53,8 +53,8 @@ describe('CommunityResolver', () => {
getCommunityInfo: {
name: 'Gradido Entwicklung',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register',
url: 'http://localhost/',
registerUrl: 'http://localhost/register',
},
},
})
@ -75,22 +75,22 @@ describe('CommunityResolver', () => {
id: 1,
name: 'Gradido Entwicklung',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register-community',
url: 'http://localhost/',
registerUrl: 'http://localhost/register-community',
},
{
id: 2,
name: 'Gradido Staging',
description: 'Der Testserver der Gradido-Akademie.',
url: 'https://stage1.gradido.net/vue/',
registerUrl: 'https://stage1.gradido.net/vue/register-community',
url: 'https://stage1.gradido.net/',
registerUrl: 'https://stage1.gradido.net/register-community',
},
{
id: 3,
name: 'Gradido-Akademie',
description: 'Freies Institut für Wirtschaftsbionik.',
url: 'https://gradido.net',
registerUrl: 'https://gdd1.gradido.com/vue/register-community',
registerUrl: 'https://gdd1.gradido.com/register-community',
},
],
},
@ -112,7 +112,7 @@ describe('CommunityResolver', () => {
name: 'Gradido-Akademie',
description: 'Freies Institut für Wirtschaftsbionik.',
url: 'https://gradido.net',
registerUrl: 'https://gdd1.gradido.com/vue/register-community',
registerUrl: 'https://gdd1.gradido.com/register-community',
},
],
},


@ -29,7 +29,7 @@ export class CommunityResolver {
name: 'Gradido-Akademie',
description: 'Freies Institut für Wirtschaftsbionik.',
url: 'https://gradido.net',
registerUrl: 'https://gdd1.gradido.com/vue/register-community',
registerUrl: 'https://gdd1.gradido.com/register-community',
}),
]
return [
@ -37,22 +37,22 @@ export class CommunityResolver {
id: 1,
name: 'Gradido Entwicklung',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register-community',
url: 'http://localhost/',
registerUrl: 'http://localhost/register-community',
}),
new Community({
id: 2,
name: 'Gradido Staging',
description: 'Der Testserver der Gradido-Akademie.',
url: 'https://stage1.gradido.net/vue/',
registerUrl: 'https://stage1.gradido.net/vue/register-community',
url: 'https://stage1.gradido.net/',
registerUrl: 'https://stage1.gradido.net/register-community',
}),
new Community({
id: 3,
name: 'Gradido-Akademie',
description: 'Freies Institut für Wirtschaftsbionik.',
url: 'https://gradido.net',
registerUrl: 'https://gdd1.gradido.com/vue/register-community',
registerUrl: 'https://gdd1.gradido.com/register-community',
}),
]
}


@ -13,7 +13,7 @@ async function main() {
console.log(`Server is running at http://localhost:${CONFIG.PORT}`)
if (CONFIG.GRAPHIQL) {
// eslint-disable-next-line no-console
console.log(`GraphIQL available at http://localhost:${CONFIG.PORT}/graphql`)
console.log(`GraphIQL available at http://localhost:${CONFIG.PORT}`)
}
})
}


@ -6,7 +6,6 @@ import 'module-alias/register'
import { ApolloServer } from 'apollo-server-express'
import express from 'express'
import bodyParser from 'body-parser'
// database
import connection from '../typeorm/connection'
@ -54,8 +53,19 @@ const createServer = async (context: any = serverContext): Promise<any> => {
// cors
app.use(cors)
// bodyparser
app.use(bodyParser.json())
// bodyparser json
app.use(express.json())
// bodyparser text for elopage
app.use(express.text())
// Log every request
/*
app.use((req, res, next) => {
// eslint-disable-next-line no-console
console.log(req)
next()
})
*/
// Elopage Webhook
app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook)
@ -67,7 +77,7 @@ const createServer = async (context: any = serverContext): Promise<any> => {
context,
plugins,
})
apollo.applyMiddleware({ app })
apollo.applyMiddleware({ app, path: '/' })
return { apollo, app, con }
}
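Review bot: `app.use(express.text())` is registered globally, so every route now parses `text/plain` bodies, while the only consumer is the Elopage hook that does `req.body.split('&')`; a request to that route with a JSON or empty body leaves `req.body` as an object or `undefined`, and the `.split` throws after the handler has already sent its 200. Scoping the parser to the one route keeps the surface small: `app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, express.text(), elopageWebhook)`, paired with a `typeof req.body !== 'string'` guard in the handler. Whether the `text/plain` default of `express.text()` is what Elopage actually sends is not visible here and deserves a comment on that line. The commented-out request logger (`console.log(req)`) would dump full headers, cookies and the secret-bearing hook URL into the log the moment someone re-enables it; I would delete it rather than keep it as dead code. createServer starts before this hunk.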


@ -28,19 +28,23 @@
*/
import { LoginElopageBuys } from '@entity/LoginElopageBuys'
import { LoginUser } from '@entity/LoginUser'
import { getCustomRepository } from 'typeorm'
import { UserResolver } from '../graphql/resolver/UserResolver'
import { LoginElopageBuysRepository } from '../typeorm/repository/LoginElopageBuys'
import { LoginUserRepository } from '../typeorm/repository/LoginUser'
export const elopageWebhook = async (req: any, res: any): Promise<void> => {
// eslint-disable-next-line no-console
console.log('Elopage Hook received')
res.status(200).end() // Responding is important
const loginElopgaeBuyRepository = await getCustomRepository(LoginElopageBuysRepository)
const loginElopgaeBuy = new LoginElopageBuys()
let firstName = ''
let lastName = ''
const entries = req.body.split('&')
entries.foreach((entry: string) => {
entries.forEach((entry: string) => {
const keyVal = entry.split('=')
if (keyVal.length !== 2) {
if (keyVal.length > 2) {
throw new Error(`Error parsing entry '${entry}'`)
}
const key = keyVal[0]
@ -88,8 +92,10 @@ export const elopageWebhook = async (req: any, res: any): Promise<void> => {
lastName = val
break
default:
// this is too spammy
// eslint-disable-next-line no-console
console.log(`Unknown Elopage Value '${entry}'`)
// console.log(`Unknown Elopage Value '${entry}'`)
break
}
})
@ -101,7 +107,7 @@ export const elopageWebhook = async (req: any, res: any): Promise<void> => {
}
// Save the hook data
await loginElopgaeBuy.save()
await loginElopgaeBuyRepository.save(loginElopgaeBuy)
// create user for certain products
/*
@ -133,7 +139,8 @@ export const elopageWebhook = async (req: any, res: any): Promise<void> => {
}
// Do we already have such a user?
if ((await LoginUser.count({ email })) !== 0) {
const loginUserRepository = await getCustomRepository(LoginUserRepository)
if ((await loginUserRepository.count({ email })) !== 0) {
// eslint-disable-next-line no-console
console.log(`Did not create User - already exists with email: ${email}`)
return
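Review bot: Relaxing the check to `keyVal.length > 2` lets an entry without any `=` through, so for such an entry `keyVal[1]` is `undefined` and, if the value is read that way further down, `firstName`/`lastName` can be assigned `undefined` instead of a string; `const val = keyVal[1] ?? ''`, or a split on `entry.indexOf('=')` (which would also keep `=` characters inside values), makes the parse total. Because `res.status(200).end()` runs before parsing, the `throw new Error(...)` inside the forEach callback only surfaces as an unhandled promise rejection with no log line tying it to the request; wrapping the parse in a try/catch that logs and returns would make failed hooks visible. `loginElopgaeBuy` and `loginElopgaeBuyRepository` are misspelled (`Elopage`) and worth fixing while these lines are touched. The handler continues past the last hunk.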


@ -1552,7 +1552,7 @@ binary-extensions@^2.0.0:
resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.2.0.tgz#75f502eeaf9ffde42fc98829645be4ea76bd9e2d"
integrity sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==
body-parser@1.19.0, body-parser@^1.18.3, body-parser@^1.19.0:
body-parser@1.19.0, body-parser@^1.18.3:
version "1.19.0"
resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==


@ -37,5 +37,5 @@
</div>
<!-- built files will be auto injected -->
<script type="text/javascript">csfr = "<?= $this->request->getParam('_csrfToken') ?>";</script>
<script type="text/javascript" src="/vue/app.js"></script></body>
<script type="text/javascript" src="/app.js"></script></body>
</html>


@ -0,0 +1,14 @@
NGINX_SERVER_NAME=_
#Example data
#DEPLOY_SEED_DATA=true
#
#NGINX_REWRITE_LEGACY_URLS=true
#NGINX_SSL=true
#NGINX_SERVER_NAME=stage1.gradido.net
#NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem
#NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem
#NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem
#NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf
#NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page


@ -1,29 +0,0 @@
#!/bin/bash
# stop login_server running in screen
screen -XS login quit
# rebuild login-server
cd ../../login_server
if [ ! -d "./build" ] ; then
cd scripts
./prepare_build.sh
cd ..
fi
cd build
cmake ..
make -j$(nproc) Gradido_LoginServer
# rebuild locales
cd ../scripts
./compile_pot.sh
cd ../src/LOCALE
cp *.mo *.po /etc/grd_login/LOCALE/
cd ../../build/bin
# start login-server
screen -dmS 'login_server' bash -c './Gradido_LoginServer'

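--- /dev/null
+++ b/deployment/bare_metal/install.sh
@@ -0,0 +1,155 @@
+#!/bin/bash
+# This install script requires the minimum requirements already installed.
+# How to do this is described in detail in [setup.md](./setup.md)
+# Load .env or .env.dist if not present
+set -o allexport
+if [ -f ".env" ]; then
+source .env
+else
+source .env.dist
+fi
+set +o allexport
+# Install mariadb
+sudo apt-get install -y mariadb-server
+sudo mysql_secure_installation
+# Enter current password for root (enter for none): enter
+# Switch to unix_socket authentication [Y/n] Y
+# Change the root password? [Y/n] n
+# Remove anonymous users? [Y/n] Y
+# Disallow root login remotely? [Y/n] Y
+# Remove test database and access to it? [Y/n] Y
+# Reload privilege tables now? [Y/n] Y
+# create db user
+DB_USER=gradido
+DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo);
+# create table
+#create database gradido_community
+# DEFAULT CHARACTER SET utf8mb4
+# DEFAULT COLLATE utf8mb4_unicode_ci;
+# GRANT ALL PRIVILEGES ON gradido_community.* TO '$DB_USER'@'localhost';
+sudo mysql <<EOFMYSQL
+CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWD';
+GRANT ALL PRIVILEGES ON *.* TO '$DB_USER'@'localhost';
+FLUSH PRIVILEGES;
+EOFMYSQL
+# TODO generate .env
+echo $DB_PASSWORD
+#TODO go to database
+#TODO generate this
+#TODO database setup
+cp .env.dist .env
+#TODO go to backend
+#TODO generate this
+#TODO database setup
+#TODOchange jwt secret
+#TODO change email releated stuff
+cp .env.dist .env
+#TODO go to frontend
+#TODO generate this
+#TODO backend url
+#TODO admin url
+cp .env.dist .env
+#TODO go to admin
+#TODO generate this
+#TODO change graphqlurl
+#TODO change wallet url
+cp .env.dist .env
+#TODO import old database
+# Install nginx
+sudo apt-get install -y nginx
+sudo rm /etc/nginx/sites-enabled/default
+sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf /etc/nginx/sites-available
+sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled
+sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/update-page.conf /etc/nginx/sites-available
+cd /etc/nginx
+sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/common common
+# Install yarn
+sudo apt-get install -y curl
+sudo apt-get install -y gnupg
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+sudo apt-get update
+sudo apt-get install -y yarn
+# Install node 16.x
+curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
+sudo apt-get install -y nodejs
+sudo apt-get install -y build-essential
+# Install pm2
+sudo yarn global add pm2
+# Install certbot
+sudo apt-get install -y certbot
+sudo apt-get install -y python3-certbot-nginx
+sudo certbot --certonly
+> Enter email address (used for urgent renewal and security notices) > support@gradido.net
+> Please read the Terms of Service at > Y
+> Would you be willing, once your first certificate is successfully issued, to > N
+> No names were found in your configuration files. Please enter in your domain > stage1.gradido.net
+git config pull.ff only
+# Allow nginx configuration and restart for gradido
+sudo nano /etc/sudoers.d/gradido
+> gradido ALL=(ALL) NOPASSWD: /etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart
+sudo chmod a+rw /etc/nginx/sites-enabled
+# Webhooks (optional)
+sudo apt install webhook
+nano ~/hooks.json
+```
+[
+{
+"id": "github",
+"execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh",
+"pass-arguments-to-command": [
+{
+"source": "string",
+"name": "new_deployment"
+},
+],
+"command-working-directory": "/home/gradido/gradido/deployment/bare_metal",
+"trigger-rule": {
+"and": [
+{
+"match": {
+"type": "payload-hash-sha1",
+"secret": "secret",
+"parameter": {
+"source": "header",
+"name": "X-Hub-Signature"
+}
+}
+},
+{
+"match": {
+"type": "value",
+"value": "refs/heads/new_deployment",
+"parameter": {
+"source": "payload",
+"name": "ref"
+}
+}
+}
+]
+}
+}
+]
+```
+webhook -hooks ~/hooks.json &
+# or for debugging
+webhook -hooks ~/hooks.json -verbose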
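Review bot: The password is generated into `DB_PASSWORD` but the MariaDB heredoc expands `$DB_PASSWD`, so the user is created with an empty password; the line should read `CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';`, and the grant after it should be the narrower `GRANT ALL PRIVILEGES ON gradido_community.* TO '$DB_USER'@'localhost';` that the comment block above describes rather than `*.*`. `echo $DB_PASSWORD` prints the secret to stdout, where any logged or webhook-driven run keeps it; writing it straight into the backend `.env` (which the TODOs intend) and dropping the echo avoids that. `sudo chmod a+rw /etc/nginx/sites-enabled` makes the directory nginx loads its server blocks from world-writable, so every local account can add one; `sudo chown gradido /etc/nginx/sites-enabled` (or a dedicated group) gives the deploy user the same ability without that. In the hooks.json sample, `"secret": "secret"` is the HMAC key checked against `X-Hub-Signature` and must be replaced by a generated value before the `/hooks/` location in gradido.conf exposes the daemon, and the trailing comma after the `pass-arguments-to-command` entry is not valid JSON. `curl ... | sudo -E bash -` for the Node setup executes an unverified remote script as root; downloading to a file and inspecting or checksumming it (or using the distribution package) is the safer path.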


@ -0,0 +1,9 @@
#!/bin/bash
# update system
sudo apt-get update
sudo apt-get upgrade
# update pm2
sudo yarn global add pm2
pm2 update
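Review bot: `sudo apt-get upgrade` has no `-y`, so the script stops at the confirmation prompt whenever it runs unattended; use `sudo apt-get upgrade -y` if non-interactive runs are intended, or add a comment that it is meant to be run by hand. `set -e` after the shebang would also stop the script instead of continuing to `pm2 update` after a failed upgrade.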


@ -0,0 +1,54 @@
# Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;
}
# Deny access to backup extensions & log files
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
deny all;
}
# deny access to hidden files and directories
location ~ /\.(?!well-known\/) {
deny all;
}
# deny access to base64 encoded urls
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
# deny access to url with the javascript eval() function
location ~* "(eval\()" {
deny all;
}
# deny access to url which include \"127.0.0.1\"
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)" {
deny all;
}
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php" {
deny all;
}
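Review bot: nginx matches `location` regexes against the normalized, percent-decoded `$uri`, so the encoded alternatives in these rules (`%3C`, `%27`, and the `%3` in `(>|%3)`, which reads like a truncated `%3E`) never see the form they are written for, the `\.\./` alternatives are resolved away before matching, and none of the rules inspect the query string or a request body; a header comment stating that these are path-only filters would stop anyone expecting them to screen GraphQL POSTs. The single-character catch-all rule (the one listing `~`, `<`, `>`, `:`, `;`, `%`, `\s` and the brace/bracket characters) denies any path containing `:`, `;` or a space, which may 403 legitimate deep links; the wallet's `token=$1` lives in the query string and is unaffected, but I would check the app's routes against it before this goes live. Two regex slips: `bak?` matches `.ba` as well as `.bak`, and the `^$` inside `/(^$|readme|...)` is an anchor that cannot match after a slash.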


@ -0,0 +1,9 @@
# Prevent browsers from incorrectly detecting non-scripts as scripts
# https://infosec.mozilla.org/guidelines/web_security#x-content-type-options
add_header X-Content-Type-Options "nosniff";
# prevent clickjacking: https://www.owasp.org/index.php/Clickjacking
# https://geekflare.com/add-x-frame-options-nginx/
# https://infosec.mozilla.org/guidelines/web_security#x-frame-options
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
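Review bot: `add_header` without the `always` flag is only emitted on 2xx/3xx responses, so the 403s that protect.conf produces and any 5xx from the proxied apps go out without `X-Content-Type-Options` or the frame-ancestors policy; `add_header X-Content-Type-Options "nosniff" always;` (and the same flag on the two frame directives) closes that. `add_header` is also not inherited into any block that declares its own `add_header`, so a future `location` that adds a header must re-include this file — a one-line comment at the top of the file would save that surprise. Strict-Transport-Security exists only in the `ssl.conf` that gradido.conf includes as a commented-out line, so the TLS site currently sends no HSTS header.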


@ -1,73 +0,0 @@
server {
server_name _;
listen 80;
listen [::]:80;
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
root /var/www/html/gradido/community_server/webroot;
index index.php;
gzip_static on;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /vue {
alias /var/www/html/gradido/frontend/dist;
index index.html;
location ~* \.(png)$ {
expires 39d;
}
try_files $uri $uri/ /index.html = 404;
}
location /account {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
rewrite /account/(.*) /$1 break;
proxy_pass http://127.0.0.1:1200;
proxy_redirect off;
}
location /login_api {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
rewrite /login_api/(.*) /$1 break;
proxy_pass http://127.0.0.1:1201;
proxy_redirect off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
access_log /var/log/nginx/access.log main;
}


@ -0,0 +1,103 @@
server {
if ($host = $NGINX_SERVER_NAME) {
return 301 https://$host$request_uri;
}
server_name $NGINX_SERVER_NAME;
listen 80;
listen [::]:80;
return 404;
}
server {
server_name $NGINX_SERVER_NAME;
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate $NGINX_SSL_CERTIFICATE;
ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY;
include $NGINX_SSL_INCLUDE;
ssl_dhparam $NGINX_SSL_DHPARAM;
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
#include /etc/nginx/common/ssl.conf;
#gzip_static on;
# Legacy URLS
set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS";
if ($REWRITE_LEGACY_URLS = 'true') {
rewrite ^/vue/?(.*)$ /$1 permanent;
}
# Frontend (default)
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
# Backend
location /graphql {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000;
proxy_redirect off;
}
# Backend webhooks
location /hook {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000/hook;
proxy_redirect off;
}
# Webhook reverse proxy
location /hooks/ {
proxy_pass http://127.0.0.1:9000/hooks/;
}
# Admin Frontend
location /admin {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
}
# TODO this could be a performance optimization
#location /vue {
# alias /var/www/html/gradido/frontend/dist;
# index index.html;
#
# location ~* \.(png)$ {
# expires 39d;
# }
# try_files $uri $uri/ /index.html = 404;
#}
#access_log /var/log/nginx/access.log main;
}
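Review bot: `rewrite ^/vue/?(.*)$ /$1 permanent;` makes the slash optional, so any path that merely starts with `/vue` is rewritten too (`/vuetify` becomes `/tify`); `rewrite ^/vue(?:/(.*))?$ /$1 permanent;` limits it to `/vue` and `/vue/...`, and the same line appears in the plain-http gradido.conf. This server also publishes two webhook receivers to the internet: `/hook` reaches the backend route whose only authentication is the secret in the URL path (`WEBHOOK_ELOPAGE_SECRET`, defaulting to `'secret'` in the backend config), and `/hooks/` reaches the `webhook` daemon whose sample hooks.json carries `"secret": "secret"`; a comment on each location naming the value that guards it, and a check that both are generated per host before the site is enabled, would keep that from shipping with defaults. `$NGINX_SERVER_NAME`, the `$NGINX_SSL_*` names and `$NGINX_REWRITE_LEGACY_URLS` are not nginx variables (`server_name` does not accept variables at all), so this file presumably goes through a substitution step that is not in this change — the .gitignore entry for a generated `gradido.conf` suggests so, but install.sh symlinks that path without producing it, which is worth a comment at the top of this template.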


@ -0,0 +1,89 @@
server {
server_name $NGINX_SERVER_NAME;
listen 80;
listen [::]:80;
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
#include /etc/nginx/common/ssl.conf;
#gzip_static on;
# Legacy URLS
set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS";
if ($REWRITE_LEGACY_URLS = 'true') {
rewrite ^/vue/?(.*)$ /$1 permanent;
}
# Frontend (default)
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
# Backend
location /graphql {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000;
proxy_redirect off;
}
# Backend webhooks
location /hook {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# no trailing slash to keep the hook/ prefix
proxy_pass http://127.0.0.1:4000/hook;
proxy_redirect off;
}
# Webhook reverse proxy
location /hooks/ {
proxy_pass http://127.0.0.1:9000/hooks/;
}
# Admin Frontend
location /admin {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
}
# TODO this could be a performance optimization
#location /vue {
# alias /var/www/html/gradido/frontend/dist;
# index index.html;
#
# location ~* \.(png)$ {
# expires 39d;
# }
# try_files $uri $uri/ /index.html = 404;
#}
#access_log /var/log/nginx/access.log main;
}
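Review bot: The proxied locations set `X-Forwarded-For $remote_addr`, which discards any chain a client or an upstream proxy already supplied; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` is the usual form, and `proxy_set_header X-Forwarded-Proto $scheme;` lets the backend distinguish http from https, which matters once the TLS variant of this file (same header block) is in use. The `/hooks/` location is the only proxied block without the `Upgrade`, `X-Real-IP` and `Host` headers; if that is deliberate because the webhook daemon needs none of them, a one-line comment would stop the next reader from "fixing" it. The `set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS";` line fails nginx's config test with an unknown-variable error unless the placeholder is substituted before the file is loaded, so the substitution step this relies on should be named in a comment.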


@ -1,29 +0,0 @@
server {
server_name _;
listen 80;
listen [::]:80;
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
root /var/www/html/;
index updating.html;
location /account {
alias /var/www/html/;
index updating.html;
}
location /vue {
alias /var/www/html/;
index updating.html;
}
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/access.log main;
}


@ -0,0 +1,36 @@
server {
if ($host = $NGINX_SERVER_NAME) {
return 301 https://$host$request_uri;
}
server_name $NGINX_SERVER_NAME;
listen 80;
listen [::]:80;
return 404;
}
server {
server_name $NGINX_SERVER_NAME;
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate $NGINX_SSL_CERTIFICATE;
ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY;
include $NGINX_SSL_INCLUDE;
ssl_dhparam $NGINX_SSL_DHPARAM;
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
root $NGINX_UPDATE_PAGE_ROOT;
index updating.html;
#location / {
# alias $NGINX_UPDATE_PAGE_ROOT;
# index updating.html;
#}
#access_log /var/log/nginx/access.log main;
}
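Review bot: The maintenance page is served as a normal 200 via `index updating.html`, so browsers, caches and the frontend's API calls see a successful HTML response rather than an outage; returning 503 makes the state explicit and keeps it out of caches: `error_page 503 /updating.html;`, `location = /updating.html { root $NGINX_UPDATE_PAGE_ROOT; internal; }`, `location / { return 503; }`. The plain-http update-page.conf has the same shape and would take the same change. A `Retry-After` header on that response (`add_header Retry-After 120 always;` at server level, next to the existing includes) is optional but cheap.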


@ -0,0 +1,21 @@
server {
server_name _;
listen 80;
listen [::]:80;
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
root $NGINX_UPDATE_PAGE_ROOT;
index updating.html;
#location / {
# alias $NGINX_UPDATE_PAGE_ROOT;
# index updating.html;
#}
access_log /var/log/nginx/access.log main;
}


@ -0,0 +1,3 @@
Gradido is currently updating...<br>
please stand by and try again in some minutes<br>
<br>


@ -1 +0,0 @@
Gradido Servers are updating..., please stand by and try again in some minutes


@ -0,0 +1,138 @@
# nginx security
sudo cat << "EOF" > ssl.conf
##
# SSL Settings
##
# disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
# enables server-side protection from BEAST attacks
# http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
ssl_prefer_server_ciphers on;
# enable session resumption to improve https performance
# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# ciphers chosen for forward secrecy and compatibility
# http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
# http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/star_forgott_com.crt;
# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
EOF
cd /etc/nginx/conf.d
sudo cat <<EOF > logging.conf
log_format main '$http_x_forwarded_for - $remote_user [$time_local] '
'"$request_method $scheme://$host$request_uri $server_protocol" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $request_time';
EOF
# fail2ban enable blocking to many http request resulting in forbidden
echo "fail2ban config"
cd /etc/fail2ban/filter.d
sudo cat <<EOF > nginx-forbidden.conf
[Definition]
failregex = ^.*\[error\] \d+#\d+: .* forbidden .*, client: <HOST>, .*$
ignoreregex =
EOF
cd /etc/fail2ban/jail.d
sudo cat <<EOF > nginx-forbidden.conf
[nginx-forbidden]
enabled = true
filter = nginx-forbidden
port = http,https
logpath = /var/log/nginx/*error*.log
findtime = 60
bantime = 6000
maxretry = 3
EOF
sudo service fail2ban restart
# phpmyadmin
echo "install and secure phpmyadmin"
sudo apt install phpmyadmin
cd /etc/phpmyadmin/conf.d
sudo cat <<EOF > pma_secure.php
<?php
# PhpMyAdmin Settings
# This should be set to a random string of at least 32 chars
$cfg['blowfish_secret'] = '3!#32@3sa(+=_4?),5XP_:U%%8\34sdfSdg43yH#{o';
$i=0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['AllowRoot'] = false;
?>
EOF
phpmyadminPwd = $(openssl passwd)
echo "Please give a username for phpmyadmin, but not root"
read phpmyadmin_user
# TODO: check if phpmyadmin_user isn't really root
sudo cat <<EOF > /etc/nginx/pma_pass
$phpmyadmin_user:$phpmyadminPwd
EOF
serverIP = $(ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1')
sudo cat <<EOF > /etc/nginx/sites-available/phpmyadmin
server {
listen 80 ;
listen [::]:80;
server_name $serverIP;
location ~* \.(png|jpg|ico)$ {
expires 30d;
}
location ~* \.(js|css) {
expires 30d;
}
location /phpmyadmin {
root /usr/share/phpmyadmin
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/access.log main;
}
EOF
sudo ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled
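Review bot: As written the script cannot run: `phpmyadminPwd = $(openssl passwd)` and `serverIP = $(...)` have spaces around `=`, so bash looks for a command named `phpmyadminPwd` and both variables stay empty, and `sudo cat <<EOF > file` performs the redirect in the unprivileged shell, so every write under `/etc` fails (`sudo tee file > /dev/null <<'EOF'` is the working form). The `pma_secure.php` heredoc uses an unquoted `EOF`, so `$cfg` and `$i` are expanded by the shell to nothing and the PHP that lands on disk is broken; quote the delimiter (`<<'EOF'`) and generate `blowfish_secret` per host instead of the fixed string kept in the repo. `/etc/nginx/pma_pass` is written but the phpmyadmin server block never references it — the `location /phpmyadmin` block needs `auth_basic "phpMyAdmin"; auth_basic_user_file /etc/nginx/pma_pass;` (and the missing `;` after `root /usr/share/phpmyadmin`), otherwise phpMyAdmin is reachable on plain :80 by IP with only its own login. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` plus a cipher list ending in 3DES and non-PFS suites is below current guidance (TLS 1.0/1.1 are deprecated by RFC 8996); `ssl_protocols TLSv1.2 TLSv1.3;` with the ECDHE GCM/CHACHA20 subset is the safer default on a fresh Debian 11. `ifconfig` is not installed by default on Debian 11; `hostname -I` or `ip -4 -o addr` avoids the `net-tools` dependency.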


@ -0,0 +1,77 @@
# Setup script to setup the server be ready to run gradido
# This assums you have root access via ssh to your cleanly setup server
# Furthermore this assumes you have debian (11 64bit) running
> ssh root@gddhost.tld
# change default shell
chsh
# Create user `gradido`
> useradd -d /home/gradido -m gradido
> passwd gradido
>> enter new
# Gives the user priviledges - this might be omitted in order to harden security
# Care: This will require another administering user if you don't want root access.
# Since this setup expects the user running the software be the same as the administering user,
# you have to adjust the instructions according to that scenario.
# You might lock yourself out, if done wrong.
> usermod -a -G sudo gradido
# Install sudo
> apt-get install sudo
# switch to the new user
> su gradido
# Register first ssh key for user `gradido`
> mkdir ~/.ssh
> chmod 700 ~/.ssh
> nano ~/.ssh/authorized_keys
>> insert public key
>> ctrl + x
>> save
# Test authentication via SSH
> ssh -i /path/to/privKey gradido@gddhost.tld
>> This should log you in and allow you to use sudo commands, which will require the user's password
# Disable password authentication & root login
> cd /etc/ssh
> sudo cp sshd_config sshd_config.org
> sudo nano sshd_config
>> change `PermitRootLogin yes` to `PermitRootLogin no`
>> change `#PasswordAuthentication yes` to `PasswordAuthentication no`
>> change `UsePAM yes` to `UsePAM no`
>> ctrl + x
>> save
> sudo /etc/init.d/ssh restart
# Test SSH Access only, no root ssh access
> ssh gradido@gddhost.tld
>> Will result in in either a password request for your key or the message `Permission denied (publickey)`
> ssh -i /path/to/privKey root@gddhost.tld
>> Will result in `Permission denied (publickey)`
> ssh -i /path/to/privKey gradido@gddhost.tld
>> Will succeed after entering the correct keys password (if any)
# update system
> sudo apt-get update
> sudo apt-get upgrade
# Install security tools
## ufw
> sudo apt-get install ufw
> sudo ufw allow http
> sudo ufw allow https
> sudo ufw allow ssh
> sudo ufw enable
## fail2ban
> sudo apt-get install fail2ban
> sudo /etc/init.d/fail2ban restart
# Install gradido
> sudo apt-get install git
> git clone https://github.com/gradido/gradido.git
> cd gradido/deployment/bare_metal
> ./install.sh

114
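--- /dev/null
+++ b/deployment/bare_metal/start.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+# Find current directory & configure paths
+set -o allexport
+SCRIPT_PATH=$(realpath $0)
+SCRIPT_DIR=$(dirname $SCRIPT_PATH)
+LOCK_FILE=$SCRIPT_DIR/update.lock
+UPDATE_HTML=$SCRIPT_DIR/nginx/update-page/updating.html
+PROJECT_ROOT=$SCRIPT_DIR/../..
+NGINX_CONFIG_DIR=$SCRIPT_DIR/nginx/sites-available
+set +o allexport
+# Load .env or .env.dist if not present
+set -o allexport
+#TODO
+if [ -f "$SCRIPT_DIR/.env" ]; then
+source $SCRIPT_DIR/.env
+else
+source $SCRIPT_DIR/.env.dist
+fi
+set +o allexport
+# lock start
+if [ -f $LOCK_FILE ] ; then
+return "Already building!" 2>/dev/null || exit 1
+fi
+touch $LOCK_FILE
+# Create a new updating.html from the template
+\cp $SCRIPT_DIR/nginx/update-page/updating.html.template $UPDATE_HTML
+# configure nginx for the update-page
+echo 'Configuring nginx to serve the update-page<br>' >> $UPDATE_HTML
+rm /etc/nginx/sites-enabled/gradido.conf
+ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/
+sudo /etc/init.d/nginx restart
+# stop all services
+echo 'Stopping all Gradido services<br>' >> $UPDATE_HTML
+pm2 stop all
+# git
+BRANCH=${1:-master}
+echo "Starting with git pull - branch:$BRANCH<br>" >> $UPDATE_HTML
+cd $PROJECT_ROOT
+git fetch origin $BRANCH
+git checkout $BRANCH
+git pull
+export BUILD_COMMIT="$(git rev-parse HEAD)"
+# Generate gradido.conf from template
+echo 'Generate new gradido nginx config<br>' >> $UPDATE_HTML
+case "$NGINX_SSL" in
+true) TEMPLATE_FILE="gradido.conf.ssl.template" ;;
+*) TEMPLATE_FILE="gradido.conf.template" ;;
+esac
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf
+# Generate update-page.conf from template
+echo 'Generate new update-page nginx config<br>' >> $UPDATE_HTML
+case "$NGINX_SSL" in
+true) TEMPLATE_FILE="update-page.conf.ssl.template" ;;
+*) TEMPLATE_FILE="update-page.conf.template" ;;
+esac
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf
+# Install & build database
+echo 'Updating database<br>' >> $UPDATE_HTML
+cd $PROJECT_ROOT/database
+yarn install
+yarn build
+if [ "$DEPLOY_SEED_DATA" = "true" ]; then
+yarn dev_up
+yarn dev_reset
+yarn seed
+else
+yarn up
+fi
+# Install & build backend
+echo 'Updating backend<br>' >> $UPDATE_HTML
+cd $PROJECT_ROOT/backend
+yarn install
+yarn build
+pm2 delete gradido-backend
+pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start"
+pm2 save
+# Install & build frontend
+echo 'Updating frontend<br>' >> $UPDATE_HTML
+cd $PROJECT_ROOT/frontend
+yarn install
+yarn build
+pm2 delete gradido-frontend
+pm2 start --name gradido-frontend "yarn --cwd $PROJECT_ROOT/frontend start"
+pm2 save
+# Install & build admin
+echo 'Updating admin<br>' >> $UPDATE_HTML
+cd $PROJECT_ROOT/admin
+yarn install
+yarn build
+pm2 delete gradido-admin
+pm2 start --name gradido-admin "yarn --cwd $PROJECT_ROOT/admin start"
+pm2 save
+# let nginx showing gradido
+echo 'Configuring nginx to serve gradido again<br>' >> $UPDATE_HTML
+ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/
+rm /etc/nginx/sites-enabled/update-page.conf
+sudo /etc/init.d/nginx restart
+# release lock
+rm $LOCK_FILE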
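Review bot: No step in start.sh is checked for failure — there is no `set -e` and no `trap`, so a failing `git checkout` (L1200) or `yarn build` (L1233) still falls through to `pm2 start` and the nginx switch-back, and any aborted run leaves `update.lock` in place so every later invocation stops at the `Already building!` guard (L1181). That guard only works because `return` fails outside a function; a plain `exit 1` with a message on stderr says what is meant. I would enable `set -e` right after the lock is taken and release the lock from an EXIT trap as below (the final `rm $LOCK_FILE` then becomes redundant, and the three `pm2 delete` calls presumably need `|| true` since they fail when the process does not exist yet); whether nginx should also be switched back on failure is a product decision, as serving the update page while a deploy is half-done may be preferable. Separately, the `rm`/`ln -s` under `/etc/nginx/sites-enabled` (L1189–L1190, L1255–L1256) run without `sudo` while the restart does (L1191), so if the script runs as the unprivileged `gradido` user the vhost switch presumably fails silently — worth confirming against install.sh.
```shell
# … unchanged: path setup and .env loading …
if [ -f "$LOCK_FILE" ] ; then
  echo "Already building!" >&2
  exit 1
fi
touch "$LOCK_FILE"
# Stop at the first failed step and always release the lock, so a broken
# build is never handed to pm2 and a later run is not blocked forever.
set -e
trap 'rm -f "$LOCK_FILE"' EXIT
# … unchanged: update page, git, build and pm2 steps …
```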


@ -1,51 +0,0 @@
#!/bin/bash
EMPTY_UPDATE_HTML=/var/www/html/updating_original.html
UPDATE_HTML=/var/www/html/updating.html
LOCK_FILE=/root/relay.lock
PROJECT_PATH=/var/www/html/gradido
SITE_CONFIG=stage1
UPDATE_SITE_CONFIG=stage1_updating
# this script can be called for example from webhookrelay.com relay
# to auto-deploy automatic after a update to the master branch
if [ -f $LOCK_FILE ] ; then
retVal="Already building!"
return "${retVal}" 2>/dev/null || exit "${retVal}"
fi
touch $LOCK_FILE
# start with nearly empty html
# needed a nearly empty html page in the folder
cp $EMPTY_UPDATE_HTML $UPDATE_HTML
# let nginx showing a update page
# needed nginx site-configs in nginx folders
# gradido for running gradido servers
# gradido_updating for showing upddate.html idealy for all pathes
rm /etc/nginx/sites-enabled/$SITE_CONFIG
ln -s /etc/nginx/sites-available/$UPDATE_SITE_CONFIG /etc/nginx/sites-enabled/
service nginx restart
# stop login server
screen -XS login quit
echo 'starting with git pull<br>' >> $UPDATE_HTML
cd $PROJECT_PATH
# git checkout -f master
git pull
cd deployment/bare_metal
echo 'starting with rebuilding login-server<br>' >> $UPDATE_HTML
./build_and_start_login_server.sh
echo 'starting with rebuilding frontend<br>' >> $UPDATE_HTML
./build_frontend.sh
# let nginx showing gradido
rm /etc/nginx/sites-enabled/$UPDATE_SITE_CONFIG
ln -s /etc/nginx/sites-available/$SITE_CONFIG /etc/nginx/sites-enabled/
service nginx restart
rm $LOCK_FILE


@ -129,10 +129,6 @@ services:
## NGINX ################################################
#########################################################
nginx:
depends_on:
- frontend
- community-server
- login-server
volumes:
- ./logs/nginx:/var/log/nginx


@ -151,15 +151,14 @@ services:
## nginx, connect login-server and community-server together (and php-fpm to community-server)
nginx:
build:
context: .
dockerfile: ./nginx/Dockerfile
context: ./nginx/
networks:
- external-net
- internal-net
depends_on:
- community-server
- login-server
- frontend
- frontend
- backend
- admin
ports:
- 80:80


@ -28,8 +28,8 @@ Es wird die Anzeige der Login-Maske geprüft auf:
Es wird die URL
* Testumgebung: https://stage1.gradido.net/vue/login
* Produktionsumgebung: https://gradido.net/vue/login
* Testumgebung: https://stage1.gradido.net/login
* Produktionsumgebung: https://gdd1.gradido.net/login
aufgerufen und die Login-Maske wird angezeigt.


@ -31,8 +31,8 @@ Prüfung auf korrekten Funktionsweise des Buttons "Anmeldung":
2. Mit Betätigen des Buttons "Anmeldung" wird der Login-Prozess gestartet
1. *Gibt es noch weitere Prüfschritte (LOG-Ausgaben auf Login-, Community-Server o.ä.) die hier überprüft werden sollten?*
3. Bei erfolgreichem Login wird die URL angezeigt
* Testumgebung: "https://stage1.gradido.net/vue/overview"
* Produktionsumgebung: "https://gradido.net/vue/overview"
* Testumgebung: "https://stage1.gradido.net/overview"
* Produktionsumgebung: "https://gdd1.gradido.net/overview"
4. Bei fehlerhaftem Login wird eine entsprechend aussagekräftige Fehlermeldung angezeigt und die Anzeige verbleibt auf der Login-Maske.
## Ende-Bedingungen:


@ -21,8 +21,8 @@ Es wird in der Login-Maske die Funktion des Links "Passwort vergessen?"geprüft:
Es wird die URL
* Testumgebung: https://stage1.gradido.net/vue/login
* Produktionsumgebung: https://gradido.net/vue/login
* Testumgebung: https://stage1.gradido.net/login
* Produktionsumgebung: https://gdd1.gradido.net/login
aufgerufen und die Login-Maske wird angezeigt.
@ -33,8 +33,8 @@ aufgerufen und die Login-Maske wird angezeigt.
* Prüfung auf korrekte Funktionsweise des Links "Passwort vergessen?"
* keine sonstigen Eingaben bzw. Vorraussetzungen notwendig
* Mit Betätigen des Links "Passwort vergessen?" wird der Passwort-Zurücksetzen-Prozess gestartet und unter
* der Testumgebung: https://stage1.gradido.net/vue/password
* der Produktionsumgebung: https://gradido.net/vue/password
* der Testumgebung: https://stage1.gradido.net/password
* der Produktionsumgebung: https://gdd1.gradido.net/password
* folgende Maske angezeigt:
![1te Passwort zurücksetzen Maske](../image/T02-C001-03-LoginMaske1.png)
@ -70,8 +70,8 @@ aufgerufen und die Login-Maske wird angezeigt.
3. Wiederholung von Schritt 2.4.1 und 2.4.2 bis alle verfügbaren Sprachen geprüft sind
5. Link "Zurück" ist aktiv und landet auf URL
1. Testumgebung: https://stage1.gradido.net/vue/Login
2. Produktionsumgebung: https://gradido.net/vue/Login
1. Testumgebung: https://stage1.gradido.net/login
2. Produktionsumgebung: https://gdd1.gradido.net/login
6. Footer-Links:
1. "Gradido-Akademie" reagiert und landet je nach aktuell eingestellter Sprache auf URL "https://gradido.net/de"
@ -91,8 +91,8 @@ aufgerufen und die Login-Maske wird angezeigt.
![Email-Versandmakse](../image/T02-C001-03-LoginMaske2.png)
5. **In dem angegebenen Email-Postfach wird eine Email empfangen, die ein Zurücksetzen-Link enthält:**
1. Testumgebung: https://stage1.gradido.net/vue/reset/'erzeugter rest-code'
2. Produktionsumgebung: https://gradido.net/vue/reset/'erzeugter reset-code'
1. Testumgebung: https://stage1.gradido.net/reset/'erzeugter rest-code'
2. Produktionsumgebung: https://ggd1.gradido.net/reset/'erzeugter reset-code'
6. **Mit Betätigen des Reset-Links bzw. Aufruf des Rest-Links im Browser wird folgende Maske angezeigt:**
![2te Passwort zurücksetzen Maske](../image/T02-C001-03-LoginMaske3.png)
@ -137,8 +137,8 @@ aufgerufen und die Login-Maske wird angezeigt.
3. Wiederholung von Schritt 8.3.1 und 8.3.2 bis alle verfügbaren Sprachen geprüft sind
12. Link "Zurück" ist aktiv und landet auf URL
1. Testumgebung: https://stage1.gradido.net/vue/Login
2. Produktionsumgebung: https://gradido.net/vue/Login
1. Testumgebung: https://stage1.gradido.net/Login
2. Produktionsumgebung: https://gdd1.gradido.net/Login
13. Footer-Links:
1. "Gradido-Akademie" reagiert und landet je nach aktuell eingestellter Sprache auf URL "https://gradido.net/de"


@ -1,5 +1,5 @@
### User creation
A user needs to be created on the login_server we do this when we create a User in the client https://$community_domain/vue/register.
A user needs to be created on the login_server we do this when we create a User in the client https://$community_domain/register.
### Admin user
To set a User admin we need the following SQL query on the gradido_login database:


@ -1,15 +1,21 @@
// Imports
const express = require('express')
const serveStatic = require('serve-static')
const path = require('path')
// Port
// Host & Port
const hostname = '127.0.0.1'
const port = process.env.PORT || 3000
// Express Server
const app = express()
// eslint-disable-next-line node/no-path-concat
app.use(serveStatic(__dirname + '/../dist'))
app.listen(port)
// Serve files
app.use(express.static(path.join(__dirname, '../dist')))
// Default to index.html
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname, '../dist/index.html'))
})
// eslint-disable-next-line no-console
console.log(`http://frontend:${port} server started.`)
app.listen(port, hostname, () => {
// eslint-disable-next-line no-console
console.log('Listening at http://%s:%s/', hostname, port)
})
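Review bot: Binding to the hard-coded `hostname = '127.0.0.1'` (L1428, L1443) makes this server reachable only from its own network namespace, yet the `nginx/gradido.conf` added in this same PR proxies to `http://frontend:3000` from a separate container; if the docker `frontend` service runs this file, nginx will get connection refused. Read the bind address from the environment with a loopback default, `const hostname = process.env.HOST || '127.0.0.1'`, and set `HOST=0.0.0.0` only in the container environment. The catch-all `app.get('*', …)` returning `index.html` is the right SPA fallback, but it answers 200 for every path, so nginx — not this server — has to keep `/graphql`, `/hook` and `/admin` routed elsewhere; a one-line comment saying so above the handler would save the next reader from wondering.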


@ -5,7 +5,7 @@ import routes from './routes'
Vue.use(VueRouter)
const router = new VueRouter({
base: '/vue',
base: '/',
routes,
linkActiveClass: 'active',
mode: 'history',


@ -6,10 +6,10 @@ describe('router', () => {
const { options } = router
const { scrollBehavior, routes } = options
it('has "/vue" as base', () => {
it('has "/" as base', () => {
expect(options).toEqual(
expect.objectContaining({
base: '/vue',
base: '/',
}),
)
})


@ -124,13 +124,13 @@ describe('Vuex store', () => {
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
})
expect(state.community).toEqual({
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
})
})
})


@ -10,7 +10,7 @@ const apolloQueryMock = jest.fn().mockResolvedValue({
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
},
},
})
@ -79,7 +79,7 @@ describe('Login', () => {
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
})
})
@ -111,8 +111,8 @@ describe('Login', () => {
jest.clearAllMocks()
mocks.$store.state.community = {
name: 'Gradido Entwicklung',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register',
url: 'http://localhost/',
registerUrl: 'http://localhost/register',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
}
wrapper = Wrapper()


@ -11,7 +11,7 @@ const apolloQueryMock = jest.fn().mockResolvedValue({
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
},
},
})
@ -73,7 +73,7 @@ describe('Register', () => {
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
})
})
@ -105,8 +105,8 @@ describe('Register', () => {
jest.clearAllMocks()
mocks.$store.state.community = {
name: 'Gradido Entwicklung',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register',
url: 'http://localhost/',
registerUrl: 'http://localhost/register',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
}
wrapper = Wrapper()


@ -9,7 +9,7 @@ const apolloQueryMock = jest.fn().mockResolvedValue({
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
},
},
})
@ -61,7 +61,7 @@ describe('RegisterCommunity', () => {
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
})
})
@ -87,8 +87,8 @@ describe('RegisterCommunity', () => {
jest.clearAllMocks()
mocks.$store.state.community = {
name: 'Gradido Entwicklung',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register',
url: 'http://localhost/',
registerUrl: 'http://localhost/register',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
}
wrapper = Wrapper()


@ -20,7 +20,7 @@ const apolloQueryMock = jest
name: 'test12',
description: 'test community 12',
url: 'http://test12.test12/',
registerUrl: 'http://test12.test12/vue/register',
registerUrl: 'http://test12.test12/register',
},
},
})
@ -31,22 +31,22 @@ const apolloQueryMock = jest
id: 1,
name: 'Gradido Entwicklung',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register-community',
url: 'http://localhost/',
registerUrl: 'http://localhost/register-community',
},
{
id: 2,
name: 'Gradido Staging',
description: 'Der Testserver der Gradido-Akademie.',
url: 'https://stage1.gradido.net/vue/',
registerUrl: 'https://stage1.gradido.net/vue/register-community',
url: 'https://stage1.gradido.net/',
registerUrl: 'https://stage1.gradido.net/register-community',
},
{
id: 3,
name: 'Gradido-Akademie',
description: 'Freies Institut für Wirtschaftsbionik.',
url: 'https://gradido.net',
registerUrl: 'https://gdd1.gradido.com/vue/register-community',
registerUrl: 'https://gdd1.gradido.com/register-community',
},
],
},
@ -139,8 +139,8 @@ describe('RegisterSelectCommunity', () => {
mocks.$store.state.community = {
name: 'Gradido Entwicklung',
description: 'Die lokale Entwicklungsumgebung von Gradido.',
url: 'http://localhost/vue/',
registerUrl: 'http://localhost/vue/register-community',
url: 'http://localhost/',
registerUrl: 'http://localhost/register-community',
}
wrapper = Wrapper()
})
@ -172,15 +172,15 @@ describe('RegisterSelectCommunity', () => {
id: 2,
name: 'Gradido Staging',
description: 'Der Testserver der Gradido-Akademie.',
url: 'https://stage1.gradido.net/vue/',
registerUrl: 'https://stage1.gradido.net/vue/register-community',
url: 'https://stage1.gradido.net/',
registerUrl: 'https://stage1.gradido.net/register-community',
},
{
id: 3,
name: 'Gradido-Akademie',
description: 'Freies Institut für Wirtschaftsbionik.',
url: 'https://gradido.net',
registerUrl: 'https://gdd1.gradido.com/vue/register-community',
registerUrl: 'https://gdd1.gradido.com/register-community',
},
],
})


@ -17,7 +17,7 @@ module.exports = {
},
},
lintOnSave: true,
publicPath: '/vue',
publicPath: '/',
configureWebpack: {
// Set up all the aliases we use in our app.
resolve: {


@ -113,7 +113,7 @@ loginServer.db.password =
loginServer.db.port = 3306
# check email path for new frontend for link generation in emails
frontend.checkEmailPath = http://localhost/vue/reset
frontend.checkEmailPath = http://localhost/reset
# disable email all together
email.disable = true


@ -299,7 +299,7 @@
</a>
</div>
<div class="reset-pwd-link">
<a href="<%= getHost() %>/vue/password"><%= langCatalog->gettext("Passwort vergessen") %></a>
<a href="<%= getHost() %>/password"><%= langCatalog->gettext("Passwort vergessen") %></a>
</div>
</div>
</div>


@ -1,10 +1,3 @@
FROM nginx:1.21.0
WORKDIR /var/www/cakephp
COPY ./nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY ./nginx/fastcgi.conf /etc/nginx/
COPY ./nginx/mime.types /etc/nginx/
COPY ./community_server/webroot webroot
COPY ./gradido.conf /etc/nginx/conf.d/default.conf
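Review bot: `COPY ./gradido.conf /etc/nginx/conf.d/default.conf` installs a config whose `server_name $NGINX_SERVER_NAME;` is never expanded — nginx does not substitute shell-style variables in `server_name`, and this Dockerfile runs no envsubst, unlike the bare-metal `start.sh` in this PR. As far as I can tell nginx treats it as a literal, never-matching name, so the vhost only answers because it is the sole default server on port 80. The official image (1.19+) runs envsubst at container start over `/etc/nginx/templates/*.template`, so `COPY ./gradido.conf /etc/nginx/templates/default.conf.template` plus `NGINX_SERVER_NAME` in the compose environment would make the placeholder real; otherwise replace it with `server_name _;`. The `nginx:1.21.0` pin also predates several 1.21.x patch releases; bump it while touching this file.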


@ -1,25 +0,0 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

84
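--- /dev/null
+++ b/nginx/gradido.conf
@@ -0,0 +1,84 @@
+server {
+server_name $NGINX_SERVER_NAME;
+listen 80;
+listen [::]:80;
+#include /etc/nginx/common/protect.conf;
+#include /etc/nginx/common/protect_add_header.conf;
+#include /etc/nginx/common/ssl.conf;
+#gzip_static on;
+# Legacy URLS
+set $REWRITE_LEGACY_URLS "true";
+if ($REWRITE_LEGACY_URLS = 'true') {
+rewrite ^/vue/?(.*)$ /$1 permanent;
+}
+# Frontend (default)
+location / {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection 'upgrade';
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_pass http://frontend:3000;
+proxy_redirect off;
+}
+# Backend
+location /graphql {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection 'upgrade';
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_pass http://backend:4000;
+proxy_redirect off;
+}
+# Backend webhooks
+location /hook {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection 'upgrade';
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_pass http://backend:4000/hook;
+proxy_redirect off;
+}
+# Admin Frontend
+location /admin {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection 'upgrade';
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+# TODO: in docker environemnt we do not have the trailing slash. This needs work
+proxy_pass http://admin:8080;
+proxy_redirect off;
+}
+# TODO this could be a performance optimization
+#location /vue {
+# alias /var/www/html/gradido/frontend/dist;
+# index index.html;
+#
+# location ~* \.(png)$ {
+# expires 39d;
+# }
+# try_files $uri $uri/ /index.html = 404;
+#}
+#access_log /var/log/nginx/access.log main;
+}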
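Review bot: None of the four proxied locations forwards the original scheme — each sets `X-Forwarded-For`, `X-Real-IP` and `Host` (L1749–L1751 and the parallel blocks for `/graphql`, `/hook` and `/admin`) but not `X-Forwarded-Proto`, so once the commented `ssl.conf` include (L1737) is enabled the Node backends will see every request as plain http and cannot mark session cookies Secure or build correct absolute links. Add `proxy_set_header X-Forwarded-Proto $scheme;` next to the existing headers in every location, and configure the apps to trust only this proxy for it. The `protect.conf` / `protect_add_header.conf` includes are also commented out (L1735–L1736), so the new vhost ships with no security headers at all; if those files exist on the hosts they should be enabled, otherwise at least `server_tokens off;` belongs in this server block. Hard-coding `Connection 'upgrade'` on every request (L1748 etc.) also sends an upgrade hint on ordinary HTTP calls; the usual `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` keeps that to real WebSocket handshakes.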


@ -1,88 +0,0 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}


@ -1,98 +0,0 @@
server {
listen 80 ;
listen [::]:80;
server_name 0.0.0.0;
#include /etc/nginx/common/protect.conf;
#include /etc/nginx/common/protect_add_header.conf;
#include /etc/nginx/common/ssl.conf;
root /var/www/cakephp/webroot;
index index.php;
location ~ \.php$ {
fastcgi_pass community-server:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PHP_VALUE "error_log=/var/www/myapp/logs/php_errors.log";
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location /account {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
rewrite /account/(.*) /$1 break;
proxy_pass http://login-server:1200;
proxy_redirect off;
}
location /login_api {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
rewrite /login_api/(.*) /$1 break;
proxy_pass http://login-server:1201;
proxy_redirect off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location /vue {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://frontend:3000;
proxy_redirect off;
}
location /admin {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://admin:8080;
proxy_redirect off;
}
location /sockjs-node {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://frontend:3000;
proxy_redirect off;
}
# access_log /var/log/nginx/access.log main;
}