jcoakley/dev1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Integrate Gitea + Woodpecker, TLS proxy, shared net

Browse Source
This commit is contained in:
Josh 2025-07-30 15:13:30 +00:00
parent 36da8a5a7f
commit 06cebb2f54
5 changed files with 67 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env
View File

@ -2,4 +2,4 @@ CORS_ALLOWED_ORIGINS=https://dev1.aptivaai.com,http://34.16.120.118:3000,http://
SERVER1_PORT=5000
SERVER2_PORT=5001
SERVER3_PORT=5002
IMG_TAG=202507281838
IMG_TAG=202507301457

8
docker-compose.yml
View File

@ -101,9 +101,17 @@ services:
image: nginx:1.25-alpine
command: ["nginx", "-g", "daemon off;"]
depends_on: [server1, server2, server3]
networks: [default, aptiva-shared]
ports: ["80:80", "443:443"]
volumes:
- ./build:/usr/share/nginx/html:ro
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- /etc/letsencrypt:/etc/letsencrypt:ro
- ./empty:/etc/nginx/conf.d
networks:
default:
name: aptiva_default
aptiva-shared:
external: true

66
nginx.conf
View File

@ -4,14 +4,15 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# ------------------ upstreams (one line to edit per container) ----------
# ───────────── upstreams to Docker services ─────────────
upstream backend5000 { server server1:5000; } # auth & free
upstream backend5001 { server server2:5001; } # onet, distance, etc.
upstream backend5002 { server server3:5002; } # premium
upstream gitea_backend { server gitea:3000; } # gitea service (shared network)
# -----------------------------------------------------------------------
# 1. HTTP HTTPS redirect
# -----------------------------------------------------------------------
########################################################################
# 1. HTTP  HTTPS redirect for the main site
########################################################################
server {
listen 80;
listen [::]:80;
@ -19,19 +20,19 @@ http {
return 301 https://$host$request_uri;
}
# -----------------------------------------------------------------------
# 2. Main virtual host on :443
# -----------------------------------------------------------------------
########################################################################
# 2. Main virtual host (dev1.aptivaai.com) on :443
########################################################################
server {
listen 443 ssl http2;
listen 443 ssl;
http2 on; # modern syntax
server_name dev1.aptivaai.com;
# ---------- TLS -----------------------------------------------------
ssl_certificate /etc/letsencrypt/live/dev1.aptivaai.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev1.aptivaai.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# ---------- React static assets -------------------------------------
# ───── React static assets ─────
root /usr/share/nginx/html;
index index.html;
location / {
@ -42,13 +43,7 @@ http {
access_log off;
}
# -------------------------------------------------------------------
# 3. API reverseproxy rules (three prefixes = three backends)
# -------------------------------------------------------------------
## 3A server2 career, maps, onet, salary, etc.
## Anything that *starts* with /api/onet/ OR any one of the paths
## you previously enumerated now lives here.
# ───── API reverseproxy rules ─────
location ^~ /api/onet/ { proxy_pass http://backend5001; }
location ^~ /api/chat/ { proxy_pass http://backend5001; proxy_http_version 1.1; proxy_buffering off; }
location ^~ /api/job-zones { proxy_pass http://backend5001; }
@ -61,23 +56,48 @@ http {
location ^~ /api/maps/distance { proxy_pass http://backend5001; }
location ^~ /api/schools { proxy_pass http://backend5001; }
## 3B server3 premium & public assets handled by server3
location ^~ /api/premium/ { proxy_pass http://backend5002; }
location ^~ /api/public/ { proxy_pass http://backend5002; }
## 3C server1 everything else beginning with /api/
## (register, signin, userprofile, areas, activatepremium, …)
location ^~ /api/ { proxy_pass http://backend5000; }
# ---------- shared proxy settings -----------------------------------
## Add the headers *once*; they apply to every proxy_pass above.
# shared proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# ---------- error pages ---------------------------------------------
error_page 502 503 504 /50x.html;
location = /50x.html { root /usr/share/nginx/html; }
}
########################################################################
# 3. Gitea virtual host (HTTPS) gitea.dev1.aptivaai.com
########################################################################
server {
listen 443 ssl;
http2 on;
server_name gitea.dev1.aptivaai.com;
ssl_certificate /etc/letsencrypt/live/gitea.dev1.aptivaai.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gitea.dev1.aptivaai.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://gitea_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
########################################################################
# 4. Gitea HTTP  HTTPS redirect
########################################################################
server {
listen 80;
server_name gitea.dev1.aptivaai.com;
return 301 https://$host$request_uri;
}
}

12
refresh_secrets.sh Executable file
View File

@ -0,0 +1,12 @@
#!/usr/bin/env bash
set -euo pipefail
# Reexport secrets from Secret Manager
echo "🔐 Pulling latest secrets…"
source /home/jcoakley/aptiva-dev1-app/fetch-secrets.sh # same array as deploy_all.sh
# Restart only the application stack so env changes propagate
cd /home/jcoakley/aptiva-dev1-app
docker compose up -d --no-build --no-deps server1 server2 server3
echo "✅ Secrets injected; containers unchanged."

BIN
user_profile.db
View File

Binary file not shown.