cca4bda1fc
- deploy/deploy.sh: idempotent deploy script with dynamic port
allocation (3011..30200), flock-based concurrency, atomic
.postgrest-port/.nextjs-port writes, port cleanup of the previous
deploy + dev stack, nginx config rendering+reload, healthchecks
with rollback, optional image pruning
- deploy/docker-compose.yml + Dockerfile.nextjs: example stack
consuming ${POSTGREST_HOST_PORT} / ${NEXTJS_HOST_PORT} (kept as
reference; the repo's root docker-compose.yml is the source of
truth for the actual production stack)
- deploy/nginx.conf.template: /api/* -> PostgREST, /* -> Next.js
- deploy/.env.production.example: managed port block + preserved secrets
- deploy/healthcheck.sh: standalone health probe (cron-friendly)
- deploy/Makefile: deploy/status/health/logs/down/rollback targets
- deploy/GITEA_SETUP.md: webhook vs Actions runner instructions
- deploy/README.md + deploy/.gitignore
Note: .gitea/workflows/deploy.yml was deliberately not added — the
existing workflow at that path on Gitea main is the source of truth
and is left untouched.
90 lines
3.0 KiB
Plaintext
90 lines
3.0 KiB
Plaintext
# =============================================================================
|
|
# nginx.conf.template — rendered by deploy.sh on every deploy
|
|
# =============================================================================
|
|
#
|
|
# Variables substituted by `envsubst`:
|
|
# ${POSTGREST_HOST_PORT} dynamic host port of the PostgREST container
|
|
# ${NEXTJS_HOST_PORT} dynamic host port of the Next.js container
|
|
# ${NEXT_PUBLIC_API_URL} (informational only — used in comment header)
|
|
#
|
|
# Layout:
|
|
# /api/* -> http://127.0.0.1:${POSTGREST_HOST_PORT}
|
|
# /* -> http://127.0.0.1:${NEXTJS_HOST_PORT}
|
|
#
|
|
# Tested against nginx >= 1.18 (Debian 11 / Ubuntu 22.04). Adjust ssl_*
|
|
# lines if you don't have a cert yet — deploy.sh only tests/renders, the
|
|
# operator decides whether to terminate TLS here.
|
|
# =============================================================================
|
|
|
|
# --- upstream definitions ---------------------------------------------------
|
|
upstream postgrest_upstream {
|
|
server 127.0.0.1:${POSTGREST_HOST_PORT};
|
|
keepalive 16;
|
|
}
|
|
|
|
upstream nextjs_upstream {
|
|
server 127.0.0.1:${NEXTJS_HOST_PORT};
|
|
keepalive 16;
|
|
}
|
|
|
|
# --- HTTP -> HTTPS upgrade (optional; remove if you only run on LAN) --------
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name _;
|
|
|
|
# ACME http-01 challenge needs to be served on port 80.
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/letsencrypt;
|
|
}
|
|
|
|
# Redirect everything else to HTTPS. Comment out for plain-HTTP dev.
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
# --- main server block ------------------------------------------------------
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
server_name _;
|
|
|
|
# --- TLS (uncomment + adjust after you obtain a cert) ------------------
|
|
# ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
|
|
# ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
|
|
# ssl_protocols TLSv1.2 TLSv1.3;
|
|
# ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
# --- sensible defaults ------------------------------------------------
|
|
client_max_body_size 25m;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Connection "";
|
|
|
|
# --- API: /api/* -> PostgREST ----------------------------------------
|
|
location /api/ {
|
|
proxy_pass http://postgrest_upstream;
|
|
proxy_read_timeout 60s;
|
|
proxy_send_timeout 60s;
|
|
}
|
|
|
|
# PostgREST exposes its OpenAPI spec at the root of the API; expose it
|
|
# under a stable URL too.
|
|
location = /api {
|
|
proxy_pass http://postgrest_upstream;
|
|
}
|
|
|
|
# --- everything else -> Next.js --------------------------------------
|
|
location / {
|
|
proxy_pass http://nextjs_upstream;
|
|
proxy_read_timeout 120s;
|
|
proxy_send_timeout 120s;
|
|
}
|
|
}
|