jocke/bilhej
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
bilhej/docker/bilhej.nginx.conf
Joakim Mörling 0137a5005b
All checks were successful
CI / Lint, type check, unit tests, coverage (push) Successful in 1m51s
Details
CI / E2E browser tests (push) Successful in 1m18s
Details
feat: add production deploy pipeline and nginx config for bilhej.se 
Add a manually-triggered deploy workflow that builds production Docker
images and starts the stack on the srvr.nu server.

- : workflow_dispatch with version input,
  writes production .env from Forgejo secrets, builds and starts the
  docker-compose.prod.yml stack, runs health checks via temporary curl
  containers on the bilhej_default Docker network, tags the git commit.

- : nginx server block for bilhej.se.
  Handles HTTP→HTTPS redirect, SSL termination with Let's Encrypt certs,
  and proxies all traffic to the bilhej-frontend-prod container on the
  Docker 'web' network. The frontend container handles /api/ proxying
  to the backend internally.

To deploy:
1. Add production secrets to Forgejo (Settings → Actions → Secrets)
2. Trigger deploy from Actions → Deploy to Production
3. Run certbot for bilhej.se SSL (one-time setup)
4. Add docker/bilhej.nginx.conf to srvr.nu nginx container
5. Point bilhej.se DNS A record to srvr.nu IP
2026-05-19 21:21:36 +02:00

42 lines
1.2 KiB
Text
Raw Blame History

# Nginx server block for bilhej.se
# Add this to /etc/nginx/conf.d/ inside the nginx container on srvr.nu
server {
listen 80;
server_name bilhej.se www.bilhej.se;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name bilhej.se www.bilhej.se;
ssl_certificate /etc/letsencrypt/live/bilhej.se/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bilhej.se/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_pass http://bilhej-frontend-prod:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_buffering off;
}
# The frontend container proxies /api/ to the backend internally.
# No need for a separate /api/ block here.
}
Reference in a new issue View git blame Copy permalink