working on nginx integration

2026-01-12 15:45:15 -05:00
parent 3b80a4c4b1
commit ff217b4086
5 changed files with 96 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .envrc
 .idea
--- a/abra.sh
+++ b/abra.sh
@ -1 +1,3 @@
 export CONFIG_VERSION=v2
 export CONFIG_JS_VERSION=v1
 export NGINX_CONF_VERSION=v1
--- a/compose.yml
+++ b/compose.yml
@ -3,9 +3,9 @@ version: "3.8"
 services:
  app:
-    image: cryptpad/cryptpad:version-2024.3.0
+    image: cryptpad/cryptpad:version-2025.9.0
    networks:
-      - proxy
+      - backend
    environment:
      - "CPAD_MAIN_DOMAIN=${DOMAIN}"
      - "CPAD_SANDBOX_DOMAIN=${SANDBOX_DOMAIN}"
@ -14,7 +14,8 @@ services:
      - "CPAD_HTTP2_DISABLE=true"
      - "CPAD_REALIP_RECURSIVE=on"
      - "CPAD_REALIP_HEADER=X-Real-Ip"
-      - CPAD_CONF=/cryptpad/config/config.js
+      - "CPAD_TRUST_PROXY=1"
      - "CPAD_CONF=/cryptpad/config/config.js"
    volumes:
      - cryptpad_blob:/cryptpad/blob
@ -31,13 +32,16 @@ services:
      restart_policy:
        condition: on-failure
      labels:
-        - "traefik.enable=true"
+        - "traefik.enable=false"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `${SANDBOX_DOMAIN}`${EXTRA_DOMAINS})"
+        - "coop-cloud.${STACK_NAME}.version=0.4.0+version-2025.9.0"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+#        - "traefik.enable=true"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+#        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
+#        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `${SANDBOX_DOMAIN}`${EXTRA_DOMAINS})"
-        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=${SANDBOX_DOMAIN}"
+#        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
 #        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
 #        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
 #        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=${SANDBOX_DOMAIN}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
@ -50,9 +54,32 @@ services:
    #   retries: 10
    #   start_period: 1m
  web:
    image: nginx:1.25
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    networks:
      proxy:
      backend:
    depends_on:
      - app
    environment:
      - STACK_NAME
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.${STACK_NAME}.tls=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}` `${SANDBOX_DOMAIN}` ${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
 networks:
  proxy:
    external: true
  backend:
 volumes:
  cryptpad_blob:
@ -67,3 +94,7 @@ configs:
    name: ${STACK_NAME}_config_${CONFIG_VERSION}
    file: config.js.tmpl
    template_driver: golang
  nginx_conf:
    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
--- a/config.js.tmpl
+++ b/config.js.tmpl
@ -46,7 +46,8 @@ module.exports = {
 *  cryptpad/docs/example.nginx.conf (see the $main_domain variable)
 *
 */
-    httpUnsafeOrigin: 'https://{{ env "CPAD_MAIN_DOMAIN" }}',
+    //httpUnsafeOrigin: 'https://{{ env "CPAD_MAIN_DOMAIN" }}',
    httpUnsafeOrigin: 'http://localhost:3000',
 /*  httpSafeOrigin is the URL that is used for the 'sandbox' described above.
 *  If you're testing or developing with CryptPad on your local machine then
@ -67,7 +68,8 @@ module.exports = {
 *
 *  CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
 */
-    httpSafeOrigin: 'https://{{ env "CPAD_SANDBOX_DOMAIN" }}',
+    //httpSafeOrigin: 'https://{{ env "CPAD_SANDBOX_DOMAIN" }}',
    //httpSafeOrigin: 'http://localhost:3001',
 /*  httpAddress specifies the address on which the nodejs server
 *  should be accessible. By default it will listen on 127.0.0.1
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@ -0,0 +1,48 @@
 upstream cryptpad_app {
    server {{ env "STACK_NAME" }}_app:3000;
 }
 upstream cryptpad_ws {
    #server {{ env "STACK_NAME" }}_app:3003;
    server {{ env "STACK_NAME" }}_app:3000;
 }
 server {
    listen 8083;
    server_name localhost;
    access_log /var/log/cpad.log;
    error_log /var/log/cpad-error.log;
    #access_log /dev/null;
    #error_log /dev/null emerg;
    # Main CryptPad app
    location / {
        proxy_pass http://cryptpad_app;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 150m;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
    # WebSocket endpoint
    location ^~ /cryptpad_websocket {
        proxy_pass http://cryptpad_ws;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
 }