Update deployment files for contacts.boilerhaus.org

2025-03-18 22:32:52 -04:00 · 2025-03-18 22:32:52 -04:00 · b8be2cd4b2
parent bde98be752
commit b8be2cd4b2
3 changed files with 74 additions and 10 deletions
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@ -5,7 +5,7 @@ This guide provides step-by-step instructions for deploying the Stones Database
 ## Prerequisites

 - A VPS server with Ubuntu/Debian
- A domain or subdomain (e.g., contact.boilerhaus.org)
+- A domain or subdomain (e.g., contacts.boilerhaus.org)
 - SSH access to your server
 - PostgreSQL database server
 - Node.js and npm installed on the server
@ -54,7 +54,7 @@ sudo apt install certbot python3-certbot-nginx -y

 ### 6. Generate SSL certificate
 ```bash
-sudo certbot --nginx -d contact.boilerhaus.org
+sudo certbot --nginx -d contacts.boilerhaus.org
 ```

 ### 7. Set up SSH key for Gitea
@ -86,7 +86,7 @@ cd stones

 Copy the Nginx configuration and deployment script to your repository:

- `contact-boilerhaus-org.conf`: Nginx configuration for your subdomain
+- `contacts-boilerhaus-org.conf`: Nginx configuration for your subdomain
 - `deploy.sh`: Deployment script to automate the deployment process

 The deployment script is already configured to use your Gitea server:
@ -101,7 +101,7 @@ chmod +x deploy.sh backup-db.sh

 ### 5. Commit and push these files to your repository
 ```bash
-git add contact-boilerhaus-org.conf deploy.sh backup-db.sh DEPLOYMENT.md
+git add contacts-boilerhaus-org.conf deploy.sh backup-db.sh DEPLOYMENT.md
 git commit -m "Add deployment files"
 git push origin main
 ```
--- a/contacts-boilerhaus-org.conf
+++ b/contacts-boilerhaus-org.conf
@ -0,0 +1,64 @@
+server {
+    listen 80;
+    server_name contacts.boilerhaus.org;
+    
+    # Redirect HTTP to HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name contacts.boilerhaus.org;
+    
+    # SSL Configuration (make sure to update paths to your certificates)
+    ssl_certificate /etc/letsencrypt/live/boilerhaus.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/boilerhaus.org/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/boilerhaus.org/chain.pem;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers on;
+    
+    # HSTS
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    
+    # Security Headers
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-XSS-Protection "1; mode=block";
+    
+    # Logs
+    access_log /var/log/nginx/contacts.boilerhaus.org.access.log;
+    error_log /var/log/nginx/contacts.boilerhaus.org.error.log;
+    
+    # Proxy to Node.js application
+    location / {
+        proxy_pass http://localhost:3001;  # Assuming your Next.js app will run on port 3001
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+    }
+    
+    # Serve static files directly
+    location /_next/static {
+        alias /path/to/your/app/.next/static;
+        expires 365d;
+        access_log off;
+    }
+    
+    # Serve public files directly
+    location /public {
+        alias /path/to/your/app/public;
+        expires 365d;
+        access_log off;
+    }
+} 
--- a/deploy.sh
+++ b/deploy.sh
@ -68,7 +68,7 @@ DATABASE_URL="postgresql://username:password@localhost:5432/stones"
 AUTH_SECRET="your-auth-secret"  # Replace with a strong random string

 # Application
-NEXT_PUBLIC_APP_URL="https://contact.boilerhaus.org"
+NEXT_PUBLIC_APP_URL="https://contacts.boilerhaus.org"
 EOF
    echo -e "${YELLOW}Please update the .env.production file with your actual values.${NC}"
 fi
@ -93,16 +93,16 @@ fi

 # Update Nginx configuration
 echo -e "${YELLOW}Setting up Nginx configuration...${NC}"
-NGINX_CONF="/etc/nginx/sites-available/contact-boilerhaus-org.conf"
+NGINX_CONF="/etc/nginx/sites-available/contacts-boilerhaus-org.conf"
 if [ ! -f "$NGINX_CONF" ]; then
    echo -e "${YELLOW}Copying Nginx configuration file...${NC}"
-    # Assuming contact-boilerhaus-org.conf is in the same directory as this script
-    cp ./contact-boilerhaus-org.conf $NGINX_CONF
+    # Assuming contacts-boilerhaus-org.conf is in the same directory as this script
+    cp ./contacts-boilerhaus-org.conf $NGINX_CONF
    # Update paths in the Nginx configuration
    sed -i "s|/path/to/your/app|$APP_DIR|g" $NGINX_CONF
    
    # Create symlink if it doesn't exist
-    if [ ! -f "/etc/nginx/sites-enabled/contact-boilerhaus-org.conf" ]; then
+    if [ ! -f "/etc/nginx/sites-enabled/contacts-boilerhaus-org.conf" ]; then
        ln -s $NGINX_CONF /etc/nginx/sites-enabled/
    fi
    
@ -115,4 +115,4 @@ else
 fi

 echo -e "${GREEN}Deployment completed successfully!${NC}"
-echo -e "${GREEN}Your application should now be accessible at https://contact.boilerhaus.org${NC}" 
+echo -e "${GREEN}Your application should now be accessible at https://contacts.boilerhaus.org${NC}"