diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md
index 9b86068..c0a8885 100644
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@@ -5,7 +5,7 @@ This guide provides step-by-step instructions for deploying the Stones Database
 ## Prerequisites
 - A VPS server with Ubuntu/Debian
-- A domain or subdomain (e.g., contact.boilerhaus.org)
+- A domain or subdomain (e.g., contacts.boilerhaus.org)
 - SSH access to your server
 - PostgreSQL database server
 - Node.js and npm installed on the server
@@ -54,7 +54,7 @@ sudo apt install certbot python3-certbot-nginx -y
 ### 6. Generate SSL certificate
 ```bash
-sudo certbot --nginx -d contact.boilerhaus.org
+sudo certbot --nginx -d contacts.boilerhaus.org
 ```
 ### 7. Set up SSH key for Gitea
@@ -86,7 +86,7 @@ cd stones
 Copy the Nginx configuration and deployment script to your repository:
-- `contact-boilerhaus-org.conf`: Nginx configuration for your subdomain
+- `contacts-boilerhaus-org.conf`: Nginx configuration for your subdomain
 - `deploy.sh`: Deployment script to automate the deployment process
 The deployment script is already configured to use your Gitea server:
@@ -101,7 +101,7 @@ chmod +x deploy.sh backup-db.sh
 ### 5. Commit and push these files to your repository
 ```bash
-git add contact-boilerhaus-org.conf deploy.sh backup-db.sh DEPLOYMENT.md
+git add contacts-boilerhaus-org.conf deploy.sh backup-db.sh DEPLOYMENT.md
 git commit -m "Add deployment files"
 git push origin main
 ```
diff --git a/contacts-boilerhaus-org.conf b/contacts-boilerhaus-org.conf
new file mode 100644
index 0000000..68450b1
--- /dev/null
+++ b/contacts-boilerhaus-org.conf
@@ -0,0 +1,64 @@
+server {
+ listen 80;
+ server_name contacts.boilerhaus.org;
+
+ # Redirect HTTP to HTTPS
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name contacts.boilerhaus.org;
+
+ # SSL Configuration (make sure to update paths to your certificates)
+ ssl_certificate /etc/letsencrypt/live/boilerhaus.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/boilerhaus.org/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/boilerhaus.org/chain.pem;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ ssl_prefer_server_ciphers on;
+
+ # HSTS
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # Security Headers
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-XSS-Protection "1; mode=block";
+
+ # Logs
+ access_log /var/log/nginx/contacts.boilerhaus.org.access.log;
+ error_log /var/log/nginx/contacts.boilerhaus.org.error.log;
+
+ # Proxy to Node.js application
+ location / {
+ proxy_pass http://localhost:3001; # Assuming your Next.js app will run on port 3001
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_cache_bypass $http_upgrade;
+ }
+
+ # Serve static files directly
+ location /_next/static {
+ alias /path/to/your/app/.next/static;
+ expires 365d;
+ access_log off;
+ }
+
+ # Serve public files directly
+ location /public {
+ alias /path/to/your/app/public;
+ expires 365d;
+ access_log off;
+ }
+}
\ No newline at end of file
diff --git a/deploy.sh b/deploy.sh
index 01bca16..3912acc 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -68,7 +68,7 @@ DATABASE_URL="postgresql://username:password@localhost:5432/stones"
 AUTH_SECRET="your-auth-secret" # Replace with a strong random string
 # Application
-NEXT_PUBLIC_APP_URL="https://contact.boilerhaus.org"
+NEXT_PUBLIC_APP_URL="https://contacts.boilerhaus.org"
 EOF
 echo -e "${YELLOW}Please update the .env.production file with your actual values.${NC}"
 fi
@@ -93,16 +93,16 @@ fi
 # Update Nginx configuration
 echo -e "${YELLOW}Setting up Nginx configuration...${NC}"
-NGINX_CONF="/etc/nginx/sites-available/contact-boilerhaus-org.conf"
+NGINX_CONF="/etc/nginx/sites-available/contacts-boilerhaus-org.conf"
 if [ ! -f "$NGINX_CONF" ]; then
 echo -e "${YELLOW}Copying Nginx configuration file...${NC}"
- # Assuming contact-boilerhaus-org.conf is in the same directory as this script
- cp ./contact-boilerhaus-org.conf $NGINX_CONF
+ # Assuming contacts-boilerhaus-org.conf is in the same directory as this script
+ cp ./contacts-boilerhaus-org.conf $NGINX_CONF
 # Update paths in the Nginx configuration
 sed -i "s|/path/to/your/app|$APP_DIR|g" $NGINX_CONF
 # Create symlink if it doesn't exist
- if [ ! -f "/etc/nginx/sites-enabled/contact-boilerhaus-org.conf" ]; then
+ if [ ! -f "/etc/nginx/sites-enabled/contacts-boilerhaus-org.conf" ]; then
 ln -s $NGINX_CONF /etc/nginx/sites-enabled/
 fi
@@ -115,4 +115,4 @@ else
 fi
 echo -e "${GREEN}Deployment completed successfully!${NC}"
-echo -e "${GREEN}Your application should now be accessible at https://contact.boilerhaus.org${NC}"
\ No newline at end of file
+echo -e "${GREEN}Your application should now be accessible at https://contacts.boilerhaus.org${NC}"
\ No newline at end of file
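Review bot: The three `ssl_certificate*` lines in the 443 server block point at `/etc/letsencrypt/live/boilerhaus.org/`, while DEPLOYMENT.md in this same commit issues the certificate with `certbot --nginx -d contacts.boilerhaus.org`, which by default stores it under a directory named after the requested host. Unless an apex certificate already exists there and lists this subdomain as a SAN, nginx will either reject the config on a missing file or present a certificate that does not match the host, and deploy.sh only rewrites `/path/to/your/app`, so nothing corrects the path. I would write `ssl_certificate /etc/letsencrypt/live/contacts.boilerhaus.org/fullchain.pem;` and the matching `privkey.pem` and `chain.pem` lines. Separately, the three headers under `# Security Headers` lack `always`, so unlike the HSTS line they are not sent on error responses; e.g. `add_header X-Content-Type-Options nosniff always;`.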
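Review bot: In the `@@ -93,16 +93,16 @@` hunk, renaming `NGINX_CONF` leaves an already-deployed host with `/etc/nginx/sites-available/contact-boilerhaus-org.conf` and its `sites-enabled` link still in place, because the script only tests for the new file name and never removes the old one, so the old vhost presumably stays enabled next to the new one. A one-time cleanup before the copy would cover that, e.g. `rm -f /etc/nginx/sites-enabled/contact-boilerhaus-org.conf`. The link guard `[ ! -f "/etc/nginx/sites-enabled/contacts-boilerhaus-org.conf" ]` is also true for a dangling symlink, in which case `ln -s` fails on the existing name; `ln -sfn "$NGINX_CONF" /etc/nginx/sites-enabled/` avoids the guard altogether and quotes the variable. The enclosing `if [ ! -f "$NGINX_CONF" ]` block starts in this hunk and ends outside it.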