From 5c42fb7f41c93617599a55cd7e3998956525be3f Mon Sep 17 00:00:00 2001 From: Arthur Arthur Date: Fri, 13 Mar 2026 14:26:26 +0100 Subject: [PATCH] fix(compose): fix nginx config to handle public folder --- app/package.json | 2 +- app/server/app.js | 4 +-- app/server/views/layout.pug | 3 ++- compose.yaml | 15 ++++++++--- nginx/nginx.conf | 20 +++++++++++--- nginx/ssl/nginx.crt | 34 ++++++++++++------------ nginx/ssl/nginx.key | 52 ++++++++++++++++++------------------- 7 files changed, 75 insertions(+), 55 deletions(-) diff --git a/app/package.json b/app/package.json index edfe252..7af2aee 100644 --- a/app/package.json +++ b/app/package.json @@ -5,7 +5,7 @@ "type": "module", "scripts": { "start": "node --env-file=.env ./index.js", - "db:migrate": "node db/migrate.js" + "db:migrate": "node server/db/migrate.js" }, "dependencies": { "@simplewebauthn/server": "^13.2.3", diff --git a/app/server/app.js b/app/server/app.js index 9647c45..8979c01 100644 --- a/app/server/app.js +++ b/app/server/app.js @@ -18,14 +18,14 @@ app.use(logger('dev')); app.use(express.json()); app.use(express.urlencoded({ extended: false })); app.use(cookieParser()); -app.use(express.static(path.join(import.meta.dirname, 'public'))); +// app.use(express.static(path.join(import.meta.dirname, 'public'))); app.use('/', indexRouter); app.use('/users', usersRouter); app.use('/posts', postsRouter); // catch 404 and forward to error handler -app.use(function(_, _, next) { +app.use(function(_req, _res, next) { next(createError(404)); }); diff --git a/app/server/views/layout.pug b/app/server/views/layout.pug index 157b85f..92e5a8a 100644 --- a/app/server/views/layout.pug +++ b/app/server/views/layout.pug @@ -2,8 +2,9 @@ doctype html html head title= title - link(rel='stylesheet', href='/stylesheets/style.css') + link(type='text/css' rel='stylesheet', href='/stylesheets/style.css') block head + link(rel="icon", type="image/x-icon", href="/favicon.ico") body header h1 diff --git a/compose.yaml b/compose.yaml index fd4eb91..352d464 100644 --- a/compose.yaml +++ b/compose.yaml @@ -8,14 +8,16 @@ services: working_dir: /home/node/app volumes: - ./app:/home/node/app + environment: + DB_USER: myuser + DB_PASSWORD: example + DB_DATABASE: pathtoglory + DB_HOST: db develop: watch: - path: ./app/server action: sync+restart target: /home/node/app/server - - path: ./app/public - action: sync - target: /home/node/app/public command: node --env-file=.env ./index.js networks: - app-network @@ -47,12 +49,17 @@ services: volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/ssl:/etc/nginx/ssl:ro + - ./app/public/:/usr/share/nginx/html:ro + develop: + watch: + - path: ./app/public + action: sync+restart + target: /usr/share/nginx/html depends_on: - app networks: - app-network - networks: app-network: driver: bridge diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 957a369..6c79758 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -3,6 +3,9 @@ events { } http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + # Upstream definitions for load balancing upstream app_servers { server app:3000; @@ -18,7 +21,7 @@ http { # HTTPS server server { listen 443 ssl; - http2 on; + http3 on; server_name localhost; # SSL certificates @@ -27,17 +30,26 @@ http { # SSL settings ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; + ssl_ciphers ECDHE-ECDSA-AES129-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 1d; + ssl_session_cache shared:SSL:11m; + ssl_session_timeout 2d; # Security headers add_header Strict-Transport-Security "max-age=31536000" always; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; + root /usr/share/nginx/html; + location / { + sendfile on; + sendfile_max_chunk 2m; + + try_files $uri @app; + } + + location @app { proxy_pass http://app_servers; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/nginx/ssl/nginx.crt b/nginx/ssl/nginx.crt index e554bd4..88f5da1 100644 --- a/nginx/ssl/nginx.crt +++ b/nginx/ssl/nginx.crt @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIURlHl95jmWHmHnnvNTxkY7kW4wtowDQYJKoZIhvcNAQEL +MIIDfTCCAmWgAwIBAgIUWsvMHfQcp9IAbwDFqxSmMnhMi0gwDQYJKoZIhvcNAQEL BQAwTjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5 -MQwwCgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNjAzMTIxNjE4 -NTJaFw0yNzAzMTIxNjE4NTJaME4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0 +MQwwCgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNjAzMTMxMjMx +NTlaFw0yNzAzMTMxMjMxNTlaME4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0 ZTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhv -c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWUpy/ZcJadapNmSGx -tDJpg8e2/KCh4T7iUh90i9g4xZ+0Aq61GXs6pjemTQ11Pq2vW+g2+Ax9Ah98MbW7 -cGNiRZknG9aiIez2FXBjx6MyPmXtvWu57VHbom7rHbASxJmo1hFovbgIlxYL9CKK -PydW8LmvDg3Umfx4PAwRGTJzExI78OZDhBCA+0hFRagWH4jbmjPHJtjavImBSUCr -3V4DdOuS0zcg702Iw/JWPWHpayebziE3DwgKx0h8Szowtk1ElylNUYqC+bRPL0xc -aUY7IwfNdqDq8k/KRq06GKkdfAGVI5/UW9Vg2HuTVj8URyR9mMOPH82cG/FLju0A -fe4dAgMBAAGjUzBRMB0GA1UdDgQWBBSdAtYn/aiQ2VWu5YxaNJfukI5OqTAfBgNV -HSMEGDAWgBSdAtYn/aiQ2VWu5YxaNJfukI5OqTAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQAMTEpQK2asxSBQiGFl1fI1SLycOE1LAu6Fzh/1rzOY -5LRRiLrFbp1DUYvdQvLSDKIztQnFGpZ94ZopZ6ynNbWNJwuZdb1qj6aQ1fEknal1 -pl2wAf+8raGbs/3GDYd0YaVzTlACsPX/DaUj2tchaxlsQaHdRhsz/PHaKPi6AXQk -fYh+sfHgFX4ZmCi5SieGxak/tU7635R1cF+2j8lbepqkbTYgbPVJCH5VmQp0Jp41 -m9OfrH2hgEziFGmadlMd5fMmY4GjWJ/kBixKyXbDM1F+IF3q/kbeIYa1DpG0evgi -keWOA9rdsmxOBJnQTHzfP3PADbBDhpduh6nASBeGsZ19 +c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs/E7zl7jje4rKxjBa +HA908CFWepFU7Q0i7JzhbIigbEdEX/7SqFb2Gl9ijaoccu5fcvuBeStzF9z4ie+i +rxaILtDz76HNxXCRPLKbUe8yKKQwBE2FedCA6FUApp9tLrZv050GHCXa2/rS5SwJ +5ZXirxWSLclNmI5JtPqTqFgMGZsLyUfhD4FNv/QbOgB7IDNwjLIC3Z+jv8kAdaUO +eG+LlZUxH9Tz0UrTmmTzLNp2Ky7O8nEQaRgDpnpTvMgyb7IF8x/u9mQnVIP+5hEJ +JF/PHfPqbF3lmwURypaBcAky3MBqvMwGYLrKGHdEn447vNJlxZ1my6tGXjNhqa3o +OuSXAgMBAAGjUzBRMB0GA1UdDgQWBBQfynYNBWR+i3PaJA+jNVrJUbJmhTAfBgNV +HSMEGDAWgBQfynYNBWR+i3PaJA+jNVrJUbJmhTAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQBMfm5g92DDca2CfXTeNw5+vOC0xqomX6IA7cJiCA8m +IKOcisQZBQCduS77/0WfeQAwARfszdj4XgPo8poZwPWuy4WoPpCcDT82wwLm/oIg +J1z/JcATSTOzDUs2+cVOHcfKx13vvZustumUwMsP2Gy7lqU+SgXH+48HarmhWvxd +5W0tg+W2QIr/YCEwahC1/11zKtcZPfHlQhk2ZfbttpXMcHXJqzQaThd53KPUT8FD +dj5UpFenMsd+b5xjkl+K98EsetpuxCm92VcuXt1UBaClokkE1/ccK+8din1O4fgw +AG8aKlE2FfTNuhcjulHd6PkIcxuecCj33WRDHlxOtDoO -----END CERTIFICATE----- diff --git a/nginx/ssl/nginx.key b/nginx/ssl/nginx.key index f94fa1f..5b5750c 100644 --- a/nginx/ssl/nginx.key +++ b/nginx/ssl/nginx.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCWUpy/ZcJadapN -mSGxtDJpg8e2/KCh4T7iUh90i9g4xZ+0Aq61GXs6pjemTQ11Pq2vW+g2+Ax9Ah98 -MbW7cGNiRZknG9aiIez2FXBjx6MyPmXtvWu57VHbom7rHbASxJmo1hFovbgIlxYL -9CKKPydW8LmvDg3Umfx4PAwRGTJzExI78OZDhBCA+0hFRagWH4jbmjPHJtjavImB -SUCr3V4DdOuS0zcg702Iw/JWPWHpayebziE3DwgKx0h8Szowtk1ElylNUYqC+bRP -L0xcaUY7IwfNdqDq8k/KRq06GKkdfAGVI5/UW9Vg2HuTVj8URyR9mMOPH82cG/FL -ju0Afe4dAgMBAAECggEAAVB1mGLOYTYYKBeHqOMXcb66N0pcKS4r+5SWO9GhMVXh -AJTpbCHt5uRfJjAURwsmP5tBG4HtsgYbul1A5oOkCs7q+OGQbdh4Fuq3EdhEAAN1 -pq96SqTdi1sPNzUKPg/D/Crq+gx2mHSht7cJukW1FViDdxlbW5mBEJgNzvR2cXUc -zAmVyyWF4YQEwb4Iinpyy3wm63+Z49dmBigsavp2lkLW3rcE3JG7Q2jYEkvDyOux -+ankDd4lsxfXWW1rDBLwiK00TZQ4gqM/RRDTXCWxi0E82pq5tjG0Cj0R/4wTe4da -eZjXprU03GfQ9FA186hA8wJcUR1IukBhhZcidNE6jQKBgQDK4QDCPufMx6pTeNz4 -TwfowOms2vuMIHAagAwoYpuukL5PD02bjMOVx1IwMwgauATIT/Gl+8psF6KVkSsT -QiMew1apLqVXAq5YHicpi2atT6z5hV+CjAt3wLzpGcVFDklpGW1f6ALmw/p29tJg -TWquWaqRlrd/EPqR10HH0qbvbwKBgQC9rsKlQTrbKYAxOCyxVhBa4muLGYHMwN8I -5I6Y43Ihf3qvejB2rkPrEkMUR+qhlNDAFdybgcSUP0y17QQ9f1Wz0HKMR4qnRzdL -981rNJ3D1ThaTaO13LSzbZDPBQobaYTMxxMRNpM0e4DtxKaZlhI/9qsIp7hZeTYG -j0LZP9n1MwKBgGo63rbXUXC8q8cBZlLurumE+dZ043pAEfMOUU9kMrh5Oe0TykNE -tbTbpYFvdzLmYDqzAYk0Co4G4i8G0FNJMjKNffcgYZrp4HhrcX4jbCQbsCsHVzd4 -NRkDZud3gv/htza9BbROPBaxT5izLP0YDGA2u0V4caSrM0jiOaNz/c0pAoGAb2sY -KroGOHZINqEon4JOWRRm125EMGGaoT6gBG6Vu9eF2U2M6imy+4HepSsZR5CCjlJJ -I482SV5lUPfIZddGIDlxD7V2XIwYjycgIrjlcwLr9x9j6o+aFUtmpDPxm+h/eUn2 -iUXlcg6ZzRCWS+E7Fxdtn8flIalxcqj0O2imPsECgYAPtq9N//2YgNeNsljLzUqf -4K4eC9mvgKhrlfxSIxcnU6cdftV4Q+6UpWH8rB6+/jBYKsR/fYHlWwDdk8I456aG -cUxYVAH6x/sET1I+79LJJ9bh7Exj4THlohMQPvPAxAghg5d+Ii8iD3cS6mZO5C8e -4aE8vgCGtzLJoAuEcriPqg== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCs/E7zl7jje4rK +xjBaHA908CFWepFU7Q0i7JzhbIigbEdEX/7SqFb2Gl9ijaoccu5fcvuBeStzF9z4 +ie+irxaILtDz76HNxXCRPLKbUe8yKKQwBE2FedCA6FUApp9tLrZv050GHCXa2/rS +5SwJ5ZXirxWSLclNmI5JtPqTqFgMGZsLyUfhD4FNv/QbOgB7IDNwjLIC3Z+jv8kA +daUOeG+LlZUxH9Tz0UrTmmTzLNp2Ky7O8nEQaRgDpnpTvMgyb7IF8x/u9mQnVIP+ +5hEJJF/PHfPqbF3lmwURypaBcAky3MBqvMwGYLrKGHdEn447vNJlxZ1my6tGXjNh +qa3oOuSXAgMBAAECggEANnKkFyAmXdPA99ox1esHInOCysmBfQ2wGNII/xs+VeA+ +/lKIzp2V4ZijdU3JwXKbfQegCjytZGiacNBZ0QbzPKIfuuguMap3p/9G6IR9mXgZ +VdPE4sJY0npOZwoLHD6bxc8Bma66a4zaAg+IMQVGjDc3vu8ScY4XGzQPuvI95HCW +Dp8fMnPH/CTCORv2rT6qheHUoSLGqH5/zNxhJesKGA9XfA98ZZlQPLXm5swg++20 +jDkk5OSBiNiPCWwINvEBq7jq9xw5/BPnEdSI4HPcYkeSAkxEkFnatfhv0mBP674V +aDgTT8b7RYwezTcJtVCsOAhaouvjTqi9vgHao76a4QKBgQDgq9KHRN5VoYO6fa0t +OBNzKJvwNJWOoK6Ytp93ci6OpdDEcmF+YBD2and0I2sXGHy4tO8me3E2snL+Fn2c +PJjxnWTktAwX2Lfob37gOFjfyPFDyHZUvj8x81u72IiZf4RkYzTBPKcljG4WwnXp +CFOXa4VhxOSxyipU0dvUH5aEDQKBgQDFG3G9qWjJx/m53YKzefxsCHHkd90K3ZLZ +E6BK3s440sm8TOEU1rI1dYUvf/Idz8X8Qg1nf1theWJyiNypw5Y12cFUGZ2wIcMj +zc6cB0q4Y9kjYGGsEZX3W/L6GPFWCQz9YnSwGGC8pkRo1ORPUSqQZsJ1X8xjiXTL +kI3BfUVuMwKBgQCq/jraFvE8rRPL4RDnpJExCUw9slfNWL/pnLybtTx39v2ANim7 +fDQMx5UowDgmOM3b6mFFoZfV8FUSy11IhtpEsezzH5FAqQG3lvwyfNAvagkt9KkS +8ES6qKQ9wJyebu39VX/2PkpcipfTHKeO93ZffUbj1W3VXq9/JMWxmWT+FQKBgCq6 +g1KpKeUsK6+mHFJJ7HWC8yWi8lELrWzPe10fpbbdwwvF4rlAvYsnOcMNSnA5/WJs +8zjve+DKjpPjpWpL0wFDfkx77Rokh4f4coSSdBk60/R+TU4e1dK0pRygUZjkB2Pa +dw9BiZ77sDLFi+TB5Kc/D4KgTM97Gc2TPZenT2jPAoGBAJYrcDoj0WmszjmtB66I +m4RHO55ZNovh1lqjaNisLzJZ2FhRJY/1+rv7vCauw4UVNpsoO8s8owkW8muo+afC +m3Yyzb80mlnL0xFTG6ckjY8TjXXL1zxHR48xPhtvQaFzlM8GgMxa1XvCRosTquM7 +zEs6JfMU65Z5QivvotGBXeKl -----END PRIVATE KEY-----