Merge pull request bitvora#14 from aaccioly-open-source/feature/docker-nginx-ssl

barrydeen · web-flow · commit e40925d7150f · 2024-09-26T14:10:16.000-04:00
New Docker compose with Nginx + SSL Support
diff --git a/.env.example b/.env.example
@@ -88,4 +88,7 @@ AWS_BUCKET_NAME="backups"
 
 ## Blastr Settings
 BLASTR_RELAYS="relay.damus.io,nos.lol,relay.nostr.band,relay.snort.social,nostr.land,nostr.mom,relay.nos.social,relay.primal.net,relay.nostr.bg,no.str.cr,nostr21.com,nostrue.com,relay.siamstr.com,wot.utxo.one,nostrelites.org,wot.nostr.party,wot.sovbit.host,wot.girino.org,relay.lnau.net,wot.siamstr.com,wot.sudocarlos.com,relay.otherstuff.fyi,relay.lexingtonbitcoin.org,wot.azzamo.net,wot.swarmstr.com,zap.watch,satsage.xyz,wons.calva.dev"
-BLASTR_RELAYS_FILE="relays_blastr.json"
+BLASTR_RELAYS_FILE="relays_blastr.json"
+
+# Docker
+ACME_EMAIL=mail@yourdomain.tld
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,6 @@
 .env
 relays_import.json
 relays_blastr.json
-haven
+haven
+.DS_Store
+.idea/
diff --git a/Dockerfile b/Dockerfile
@@ -31,7 +31,7 @@ RUN chown -R appuser:appgroup /app
 USER appuser
 
 # Expose the port that the application will run on
-EXPOSE 3334
+EXPOSE 3355
 
 # Set the command to run the executable
 CMD ["./main"]
diff --git a/README.md b/README.md
@@ -230,6 +230,24 @@ To start the project using Docker Compose, follow these steps:
 
 This will build the Docker image and start the `haven-relay` service as defined in the `docker-compose.yml` file. The application will be accessible on port 3335.
 
+### Nginx + SSL with Docker (optional)
+
+If you want to serve the relay over HTTPS, you can use Nginx as a reverse proxy with SSL termination.
+
+It's recommended to edit the `.env` file and modify the `EMAIL` to a real email address.
+
+You'll also need to expose ports 80 and 443 to the internet and set up your DNS A and AAAA (if you are using IPv6) 
+records to point to your server's IP address.
+
+Finally, run the following command:
+
+```sh
+# in foreground
+docker compose -f docker-compose-nginx-ssl.yml up --build
+# in background
+docker compose -f docker-compose-nginx-ssl.yml up --build -d
+```
+
 ### Hidden Service with Tor and Docker (optional)
 
 Same as the step 6, but with the following command:
diff --git a/docker-compose-nginx-ssl.yml b/docker-compose-nginx-ssl.yml
@@ -0,0 +1,69 @@
+services:
+  relay:
+    container_name: haven-relay
+    build:
+      context: .
+      dockerfile: Dockerfile
+    env_file:
+      - .env
+    environment:
+      - LETSENCRYPT_HOST=${RELAY_URL}
+      - VIRTUAL_HOST=${RELAY_URL}
+      - VIRTUAL_PORT=3355
+    volumes:
+      - "./db:/app/db"
+      - "./haven:/app/haven"
+    user: "${DOCKER_UID:-1000}:${DOCKER_GID:-1000}"
+    network_mode: bridge
+    restart: unless-stopped
+
+  nginx-proxy:
+    image: nginx:alpine
+    container_name: nginx-proxy
+    volumes:
+      # The vhost volume is only required if you
+      # plan to obtain standalone certificates
+      # - vhost:/etc/nginx/vhost.d
+      - conf:/etc/nginx/conf.d
+      - html:/usr/share/nginx/html
+      - certs:/etc/nginx/certs:ro
+    ports:
+      - "80:80"
+      - "443:443"
+    network_mode: bridge
+    restart: unless-stopped
+
+  docker-gen:
+    image: nginxproxy/docker-gen
+    container_name: nginx-proxy-gen
+    command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
+    volumes_from:
+      - nginx-proxy
+    volumes:
+      - ./nginx/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    labels:
+      - "com.github.nginx-proxy.docker-gen"
+    privileged: true
+    network_mode: bridge
+
+  acme-companion:
+    image: nginxproxy/acme-companion
+    container_name: nginx-proxy-acme
+    environment:
+      - DEFAULT_EMAIL=${ACME_EMAIL}
+    volumes_from:
+      - nginx-proxy
+    volumes:
+      - certs:/etc/nginx/certs:rw
+      - acme:/etc/acme.sh
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    privileged: true
+    network_mode: bridge
+
+volumes:
+  # vhost:
+  conf:
+  html:
+  certs:
+  acme:
diff --git a/nginx/nginx.tmpl b/nginx/nginx.tmpl
