3de1e6e9ab
- Add development and production configuration templates - Include Docker build files for containerized deployment - Add Nginx configuration with SSL/TLS setup - Include environment configuration examples - Add SSL certificate setup and management - Configure application schemas and validation - Support for both local and production deployment scenarios Provides flexible deployment options from development to production with proper security, monitoring, and configuration management. |
||
|---|---|---|
| .. | ||
| fetchml-site.conf | ||
| nginx-secure.conf | ||
| README.md | ||
| setup-nginx.sh | ||
Nginx Configuration for FetchML
This directory contains nginx configurations for FetchML.
Files
fetchml-site.conf- Ready-to-use site configuration (recommended)nginx-secure.conf- Full standalone nginx config (advanced)setup-nginx.sh- Helper script for easy installation
Quick Setup
Option 1: Automated (Recommended)
sudo ./nginx/setup-nginx.sh
This will:
- Detect your nginx setup (Debian or RHEL style)
- Prompt for your domain and SSL certificates
- Install the configuration
- Test and reload nginx
Option 2: Manual
For Debian/Ubuntu:
# 1. Edit fetchml-site.conf and change:
# - ml.example.com to your domain
# - SSL certificate paths
# - Port if not using 9102
# 2. Install
sudo cp nginx/fetchml-site.conf /etc/nginx/sites-available/fetchml
sudo ln -s /etc/nginx/sites-available/fetchml /etc/nginx/sites-enabled/
# 3. Test and reload
sudo nginx -t
sudo systemctl reload nginx
For RHEL/Rocky/CentOS:
# 1. Edit fetchml-site.conf (same as above)
# 2. Install
sudo cp nginx/fetchml-site.conf /etc/nginx/conf.d/fetchml.conf
# 3. Test and reload
sudo nginx -t
sudo systemctl reload nginx
Configuration Details
Endpoints
/ws- WebSocket API (rate limited: 5 req/s)/api/- REST API (rate limited: 10 req/s)/health- Health check/grafana/- Grafana (commented out by default)
Security Features
- TLSv1.2 and TLSv1.3 only
- Security headers (HSTS, CSP, etc.)
- Rate limiting per endpoint
- Request size limits (10MB)
- Version hiding
What to Change
Before using, update these values in fetchml-site.conf:
- Domain: Replace
ml.example.comwith your domain - SSL Certificates: Update paths to your actual certificates
- Port: Change
9102if using a different port - Grafana: Uncomment if you want to expose it
SSL Certificates
Self-Signed (Dev/Testing)
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/fetchml.key \
-out /etc/ssl/certs/fetchml.crt \
-subj "/CN=ml.example.com"
Let's Encrypt (Production)
sudo apt-get install certbot python3-certbot-nginx
sudo certbot --nginx -d ml.example.com
Troubleshooting
Test Configuration
sudo nginx -t
Check Logs
sudo tail -f /var/log/nginx/fetchml_error.log
sudo tail -f /var/log/nginx/fetchml_access.log
Verify Proxy
curl -I https://ml.example.com/health
Common Issues
"Permission denied" error: Check that nginx user can access SSL certificates
sudo chmod 644 /etc/ssl/certs/fetchml.crt
sudo chmod 600 /etc/ssl/private/fetchml.key
WebSocket not working: Ensure your firewall allows the connection and backend is running
# Check backend
curl http://localhost:9102/health
# Check firewall
sudo firewall-cmd --list-all
Integration with Existing Nginx
If you already have nginx running, just drop fetchml-site.conf into your sites directory. It won't conflict with other sites.
The configuration is self-contained and only handles the specified server_name.