Add an NGINX in front of NodeBB

roles/docker/defaults/main.yml

@@ -224,6 +224,7 @@ services:
     volume_folder: "{{ volume_root_folder }}/fedidk-nodebb"
     pre_deploy_tasks: true
     version: "4.0.4"
+    nginx_version: 1.27.4-alpine
     mongodb_version: 7-jammy
     allowed_sender_domain: true
 

roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml

@@ -1,5 +1,19 @@
 # vim: ft=yaml.ansible
 ---
+- name: Create subdirectory for NGINX config files
+  ansible.builtin.file:
+    path: "{{ services.fedi_dk_nodebb.volume_folder }}/nginx"
+    owner: root
+    mode: u=rwx,g=rx,o=rx
+    state: directory
+
+- name: Upload NGINX configs
+  ansible.builtin.template:
+    src: fedi_dk_nodebb/nginx/http.conf.j2
+    dest: "{{ services.fedi_dk_nodebb.volume_folder }}/nginx/http.conf"
+    owner: root
+    mode: u=rw,g=r,o=r
+
 - name: Create subfolder for uploads
   file:
     name: "{{ services.fedi_dk_nodebb.volume_folder }}/uploads"

roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2

@@ -1,10 +1,25 @@
 services:
+  nginx:
+    image: nginx:{{ services.fedi_dk_nodebb.nginx_version }}
+    restart: always
+    networks:
+      - default
+      - external_services
+    volumes:
+      - "./nginx:/etc/nginx/conf.d:ro"
+      - "./build:/usr/src/app/build:rw"
+    environment:
+      VIRTUAL_HOST: {{ services.fedi_dk_nodebb.domain }}
+      VIRTUAL_PORT: 80
+      LETSENCRYPT_HOST: {{ services.fedi_dk_nodebb.domain }}
+      LETSENCRYPT_EMAIL: {{ letsencrypt_email }}
+
   mongodb:
     image: mongo:{{ services.fedi_dk_nodebb.mongodb_version }}
     restart: always
     volumes:
-      - ./mongodb:/data/db:rw
+      - "./mongodb:/data/db:rw"
-      - ./mongodb-user-init.js:/docker-entrypoint-initdb.d/user-init.js:ro
+      - "./mongodb-user-init.js:/docker-entrypoint-initdb.d/user-init.js:ro"
     environment:
       MONGO_INITDB_ROOT_USERNAME: nodebb
       MONGO_INITDB_ROOT_PASSWORD: {{ fedi_dk_nodebb_secrets.mongodb_password }}
@@ -15,17 +30,11 @@ services:
     networks:
       - default
       - postfix
-      - external_services
     volumes:
-      - ./build:/usr/src/app/build:rw
+      - "./build:/usr/src/app/build:rw"
-      - ./uploads:/usr/src/app/public/uploads:rw
+      - "./uploads:/usr/src/app/public/uploads:rw"
-      - ./config:/opt/config:rw
+      - "./config:/opt/config:rw"
-      - ./setup.json:/usr/src/app/setup.json:ro
+      - "./setup.json:/usr/src/app/setup.json:ro"
-    environment:
-      VIRTUAL_HOST: {{ services.fedi_dk_nodebb.domain }}
-      VIRTUAL_PORT: 4567
-      LETSENCRYPT_HOST: {{ services.fedi_dk_nodebb.domain }}
-      LETSENCRYPT_EMAIL: {{ letsencrypt_email }}
     depends_on:
       - mongodb
 

roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2

@@ -0,0 +1,44 @@
+resolver 127.0.0.11 valid=30s ipv6=off;
+
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
+upstream workers {
+    server app:4567;
+}
+
+server {
+    listen 80;
+    server_name {{ services.fedi_dk_nodebb.domain }};
+
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_redirect off;
+
+    # Socket.io Support
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    gzip            on;
+    gzip_min_length 1000;
+    gzip_proxied    off;
+    gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;
+
+    location @nodebb {
+        proxy_pass http://workers;
+    }
+
+    location ~ ^/assets/(.*) {
+        root /usr/src/app;
+        try_files /build/public/$1 @nodebb;
+    }
+
+    location / {
+        proxy_pass http://workers;
+    }
+}