Created
June 13, 2018 07:45
Nucleus 0.7.5 + Nginx config files
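# Reverse proxy in front of the Nucleus server for release.myapp.com.

# Plain HTTP serves no content; every request is redirected to HTTPS.
server {
    listen 0.0.0.0:80;
    server_name release.myapp.com;
    server_tokens off;

    return 301 https://$server_name$request_uri;
}

# nginx reaches Nucleus over loopback on port 8181.
# NOTE(review): the Nucleus bind address is not shown here; confirm that
# port 8181 is not also reachable from outside, bypassing this proxy.
upstream nucleus {
    server 127.0.0.1:8181 fail_timeout=0;
}

server {
    # TLS is enabled with the `ssl` parameter on the listen socket. The
    # standalone `ssl on;` directive used previously is deprecated since
    # nginx 1.15.0 and rejected by nginx 1.25.1 and later.
    # (On 1.25.1+ the `http2` listen parameter is itself deprecated in
    # favour of a separate `http2 on;` directive, but is still accepted.)
    listen 443 ssl http2;
    server_name release.myapp.com;
    server_tokens off;

    ssl_certificate     /etc/letsencrypt/live/release.myapp.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/release.myapp.com/privkey.pem;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of
    # the installed nginx build apply. Pin them explicitly if old clients do
    # not need to connect.

    # Headers forwarded to Nucleus. $proxy_add_x_forwarded_for appends
    # $remote_addr to whatever X-Forwarded-For the client sent, so the backend
    # should trust only the last entry (or X-Real-IP).
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL   on;

    location / {
        # No proxy_set_header here on purpose: nginx inherits the server-level
        # set only when the location defines none of its own. The previous
        # per-location copies disabled that inheritance and silently dropped
        # X-Forwarded-SSL.
        proxy_pass http://nucleus;
    }
}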
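# Static download host for published release files at update.myapp.com.

# Plain HTTP serves no content; every request is redirected to HTTPS.
server {
    listen 0.0.0.0:80;
    server_name update.myapp.com;
    server_tokens off;

    return 301 https://$server_name$request_uri;
}

server {
    # TLS is enabled with the `ssl` parameter on the listen socket. The
    # standalone `ssl on;` directive used previously is deprecated since
    # nginx 1.15.0 and rejected by nginx 1.25.1 and later.
    # `default_server` makes this vhost answer any HTTPS request on port 443
    # whose Host/SNI matches no other server_name, so the release tree below
    # is what unknown hostnames pointing at this machine will see.
    listen 443 ssl http2 default_server;
    server_name update.myapp.com;
    server_tokens off;

    # Directory the release files are served from. nginx needs read access
    # only; presumably this is the `local.root` directory of the Nucleus
    # config (verify against the actual install path).
    root /srv/nucleus/releases;

    ssl_certificate     /etc/letsencrypt/live/update.myapp.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/update.myapp.com/privkey.pem;

    # NOTE(review): this server has no proxy_pass, so the proxy_set_header
    # directives below have no effect; they are kept as in the original.
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL   on;

    location / {
        # Serve the file, then the directory, otherwise 404. Nothing is
        # proxied to Nucleus from this host.
        try_files $uri $uri/ =404;
    }
}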
# Shared proxy defaults. The include site is not shown; presumably this file
# is pulled in at the http (or a server) level.

# Limits on what a client may send. 200m is presumably sized for release
# uploads; it is also the largest body any client can make nginx accept.
client_max_body_size      200m;
client_body_buffer_size   128k;
client_header_buffer_size 64k;

# Pass upstream Location/Refresh headers through without rewriting them.
proxy_redirect off;

# Default request headers for proxied requests. nginx applies these only in
# contexts that define no proxy_set_header of their own; a server or location
# with its own proxy_set_header lines replaces this whole set.
proxy_set_header Host            $host;
proxy_set_header X-Real-IP       $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Upstream timeouts, in seconds.
proxy_connect_timeout 90;
proxy_send_timeout    90;
proxy_read_timeout    90;

# Buffers used for upstream responses.
proxy_buffer_size       16k;
proxy_buffers           32 16k;
proxy_busy_buffers_size 64k;
const path = require('path');

// Absolute on-disk locations, resolved relative to this config file.
const sqliteFile = path.resolve(__dirname, 'db.sqlite');
const releasesDir = path.resolve(__dirname, 'releases');

/**
 * Nucleus server configuration.
 *
 * This file holds credentials (local passwords, the session secret, GPG key
 * material). Keep it readable by the service account only and out of version
 * control once the placeholders are replaced with real values.
 */
module.exports = {
  /**
   * Port Nucleus listens on. The server does not start if the port is
   * already in use.
   */
  port: '8181',

  /**
   * Fully qualified domain + path that Nucleus is hosted at.
   *
   * NOTE(review): set to the loopback address here; confirm this is intended
   * when the server is published through a reverse proxy under another name.
   */
  baseURL: 'http://127.0.0.1',

  /**
   * Data store used to persist plugins and versions. The only value
   * currently supported is "sequelize"; supply matching connection details
   * below.
   *
   * PRs adding another data store are welcome.
   */
  dbStrategy: 'sequelize',

  /**
   * Sequelize connection information. All options are required.
   *
   * database: Name of the database to connect to
   * dialect:  Type of SQL database, see the sequelize docs
   * username: Username to use when connecting
   * password: Password to use when connecting
   * host:     Hostname of the database
   * port:     Port to use when connecting
   * storage:  Path to the sqlite file, only used for the sqlite dialect
   */
  sequelize: {
    dialect: 'sqlite',
    storage: sqliteFile,
  },

  /**
   * File store used to persist update files and metadata. Possible values
   * are "s3" and "local"; supply matching details below if the chosen
   * strategy needs them.
   *
   * PRs adding another file store are welcome.
   */
  fileStrategy: 'local',

  /**
   * Local file store.
   *
   * root:      Path on disk to the root of the static file store
   * staticUrl: HTTP URL under which the static file store is reachable
   *            remotely
   */
  local: {
    root: releasesDir,
    staticUrl: 'https://update.myapp.com',
  },

  /**
   * S3 file store. There is no authentication config for S3 here: credentials
   * come from the standard AWS environment variables or from EC2 IAM roles.
   *
   * See http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
   *
   * Bucket / region / CloudFront settings do go here.
   */
  s3: {
    // Name of the S3 bucket
    bucketName: '',
    // Set to null to use the S3 bucket directly without CloudFront
    cloudfront: {
      // CloudFront distribution ID, used for invalidating files
      distributionId: '',
      // Fully qualified URL for the root of the CloudFront proxy for the bucket
      publicUrl: '',
    },
  },

  /**
   * Authentication strategy used to log users in. Possible values are
   * "local", "openid" and "github". Make sure you also supply the details
   * required by the chosen strategy.
   *
   * NOTE(review): "local" keeps plaintext passwords in this file and is
   * documented below as development-only. Use "openid" or "github" for any
   * instance that is reachable from the Internet.
   */
  authStrategy: 'local',

  /**
   * Local authentication details.
   *
   * With this strategy `adminIdentifiers` should be a list of usernames.
   *
   * DISCLAIMER: this strategy should ONLY be used for local development and
   * NEVER in production.
   *
   * displayName: User-friendly name of this user
   * username:    Unique identifier the user signs in with; uniqueness is not
   *              enforced
   * password:    The user's password, stored here in plaintext
   * photo:       URL of a profile picture, optional
   */
  localAuth: [
    {
      displayName: 'MyApp',
      username: 'MyUsername',
      password: 'MyPassword',
      photo: 'SomeAvatarURL',
    },
  ],

  /**
   * OpenID authentication details.
   *
   * With this strategy `adminIdentifiers` should be a list of email
   * addresses of the users to consider admins.
   *
   * realm:       Domain the server is hosted on
   * stateless:   Stateless mode for OpenID
   * profile:     Whether to fetch profile information, normally true
   * providerURL: Your OpenID provider URL
   * domain:      Domain that email addresses are restricted to
   */
  openid: {
    realm: 'http://localhost:8888',
    stateless: true,
    profile: true,
    providerURL: 'https://auth.myservice.com/openid/v2/op',
    domain: 'myservice.com',
  },

  /**
   * GitHub authentication details.
   *
   * With this strategy `adminIdentifiers` should be a list of GitHub
   * usernames to consider admins.
   *
   * clientID:     GitHub API client ID
   * clientSecret: GitHub API client secret
   * realm:        Domain the server is hosted on
   */
  github: {
    clientID: '',
    clientSecret: '',
  },

  /**
   * Who counts as an admin; the meaning of the entries depends on the
   * authentication strategy, see its documentation above.
   */
  adminIdentifiers: ['MyUsername'],

  /**
   * Session options. The default is fine for development.
   *
   * IN PRODUCTION PLEASE USE REDIS!
   *
   * type:   Either "redis" or null
   * secret: Session secret; replace the placeholder with a long random value
   *         that is unique to this deployment
   *
   * redis:
   *   host: Host URL of the redis instance
   *   port: Port of the redis instance
   */
  sessionConfig: {
    type: null,
    secret: 'SomeRandomHash',
    redis: {
      host: '',
      port: '',
    },
  },

  organization: 'MyOrg',

  /**
   * GPG key used to sign APT and YUM releases.
   *
   * The key must be unlocked (no passphrase) and the value must contain both
   * the private and the public key. Anyone who can read this file can
   * therefore sign releases as this organization; use a dedicated signing
   * key and restrict access to the file accordingly.
   */
  gpgSigningKey: 'My public GPG key + my private GPG key',
};