Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
nanopub-server under single hostname https on Ubuntu 16.04
version: '2'
volumes:
mongodata:
rdfsink:
virtuosodb:
services:
server:
environment:
- NPS_PUBLIC_URL=https://openphacts.cs.man.ac.uk/nanopub/server/
ldf:
environment:
- BASEURL=https://openphacts.cs.man.ac.uk/nanopub/ldf/
grlc:
environment:
- GRLC_SERVER_NAME=openphacts.cs.man.ac.uk
db:
volumes:
- mongodata:/data/db
rdfsink:
volumes:
- rdfsink:/data
virtuoso:
volumes:
- virtuosodb:/data
#(base) stain@ondex2:~/nanopub-server$ docker-compose exec grlc sh
# cat config.ini
[auth]
github_access_token =
[local]
local_sparql_dir = /home/grlc/queries/
[defaults]
# Default endpoint, if none specified elsewhere
sparql_endpoint = http://virtuoso:8890/sparql/
server_name = openphacts.cs.man.ac.uk
# endpoint default authentication
user = none
password = none
# Logging level
debug = True
#docker-compose exec nginx sh
# cat /etc/nginx/conf.d/default.conf
server {
listen 80;
location ~ ^/$ {
return 301 ./tapas/tapas.html;
}
location /tapas/ {
root /var/www/;
}
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://grlc:80/;
}
}
// docker-compose exec ldf sh
// cat config.json
{
"title": "My Linked Data Fragments server",
"protocol": "http",
"baseURL": "https://openphacts.cs.man.ac.uk/nanopub/ldf/",
"datasources": {
"np": {
"title": "Nanopublications",
"type": "SparqlDatasource",
"description": "Nanopublications",
"settings": { "endpoint": "http://virtuoso:8890/sparql" }
}
},
"prefixes": {
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"rdfs": "http://www.w3.org/2000/01/rdf-schema#",
"xsd": "http://www.w3.org/2001/XMLSchema#",
"dc": "http://purl.org/dc/terms/",
"foaf": "http://xmlns.com/foaf/0.1/",
"dbpedia": "http://dbpedia.org/resource/",
"dbpedia-owl": "http://dbpedia.org/ontology/",
"dbpprop": "http://dbpedia.org/property/",
"hydra": "http://www.w3.org/ns/hydra/core#",
"void": "http://rdfs.org/ns/void#"
}
}
# docker-compose exec nginx sh
# cat /var/www/tapas/local-tapas-config.js
var grlcInstance = '..';
var defaultApi = 'local/local';
var defaultApiLongName = 'Nanopublication API';
var defaultApiShortName = 'nanopub-api';
var apiChangeable = false;
<!DOCTYPE html>
<html lang="en">
<head><title>Nanopublication server openphacts.cs.man.ac.uk</title>
<body>
<h1>Nanopublication server openphacts.cs.man.ac.uk</h1>
<ul>
<li><a href="server/">server</a> - NanoPub server API</li>
<li><a href="ldf/np">ldf</a> - Linked Data Fragments API</li>
<li><a href="grlc/">grlc</a> - GRLC SPARQ-to-REST API</li>
</ul>
<address><a href="https://twitter.com/soilandreyes">@soilandreyes</a></address>
</body>
</html>
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
# SSL configuration
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name openphacts.cs.man.ac.uk;
location /nanopub/server {
proxy_pass http://localhost:7880/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location /nanopub/grlc {
proxy_pass http://localhost:7881/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location /nanopub/ldf {
proxy_pass http://localhost:7882;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location /nanopub {
try_files $uri $uri/ =404;
}
location /nanopub-server {
rewrite ^/nanopub-server(.*) https://openphacts.cs.man.ac.uk/nanopub/server$1 permanent;
return 301;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/openphacts.cs.man.ac.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/openphacts.cs.man.ac.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Client certificate for code-server
## https://gist.github.com/mtigas/952344
ssl_client_certificate /root/ca/intermediate/certs/ca-chain.cert.pem;
ssl_verify_client optional;
}
server {
location /.well-known {
try_files $uri $uri/ =404;
}
if ($host = ondex2.cs.man.ac.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = openphacts.cs.man.ac.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name openphacts.cs.man.ac.uk ondex2.cs.man.ac.uk;
return 301 https://openphacts.cs.man.ac.uk/;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.