- Add development and production configuration templates
- Include Docker build files for containerized deployment
- Add Nginx configuration with SSL/TLS setup
- Include environment configuration examples
- Add SSL certificate setup and management
- Configure application schemas and validation
- Support for both local and production deployment scenarios
Provides flexible deployment options from development to production with proper security, monitoring, and configuration management.
3.1 KiB
Nginx Configuration for FetchML
This directory contains nginx configurations for FetchML.
Files
- fetchml-site.conf - Ready-to-use site configuration (recommended)
- nginx-secure.conf - Full standalone nginx config (advanced)
- setup-nginx.sh - Helper script for easy installation
Quick Setup
Option 1: Automated (Recommended)
sudo ./nginx/setup-nginx.sh
This will:
- Detect your nginx setup (Debian or RHEL style)
- Prompt for your domain and SSL certificates
- Install the configuration
- Test and reload nginx
Option 2: Manual
For Debian/Ubuntu:
# 1. Edit fetchml-site.conf and change:
# - ml.example.com to your domain
# - SSL certificate paths
# - Port if not using 9102
# 2. Install
sudo cp nginx/fetchml-site.conf /etc/nginx/sites-available/fetchml
sudo ln -s /etc/nginx/sites-available/fetchml /etc/nginx/sites-enabled/
# 3. Test and reload
sudo nginx -t
sudo systemctl reload nginx
For RHEL/Rocky/CentOS:
# 1. Edit fetchml-site.conf (same as above)
# 2. Install
sudo cp nginx/fetchml-site.conf /etc/nginx/conf.d/fetchml.conf
# 3. Test and reload
sudo nginx -t
sudo systemctl reload nginx
Configuration Details
Endpoints
- /ws - WebSocket API (rate limited: 5 req/s)
- /api/ - REST API (rate limited: 10 req/s)
- /health - Health check
- /grafana/ - Grafana (commented out by default)
Security Features
- TLSv1.2 and TLSv1.3 only
- Security headers (HSTS, CSP, etc.)
- Rate limiting per endpoint
- Request size limits (10MB)
- Version hiding
What to Change
Before using, update these values in fetchml-site.conf:
- Domain: Replace ml.example.com with your domain
- SSL Certificates: Update paths to your actual certificates
- Port: Change 9102 if using a different port
- Grafana: Uncomment if you want to expose it
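A preflight check for the edited file, as an added example that is not part of FetchML or its setup-nginx.sh: it confirms the placeholder domain is gone and that the settings listed under Security Features are still active. The nginx directive names are real; the sample config and its values are constructed, since the contents of fetchml-site.conf are not shown here.

```shell
# Added example, not FetchML's setup-nginx.sh. Audits an edited site file for
# the settings this README lists; prints findings, returns how many it found.
audit_conf() {
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }
    # Drop comments so a commented-out directive does not count as active.
    active=$(sed 's/#.*//' "$1")
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }
    # The template's placeholder domain must have been replaced.
    has 'server_name[^;]*ml\.example\.com' && fail "server_name is still ml.example.com"
    # ssl_protocols must exist and list only TLSv1.2 and TLSv1.3.
    protos=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p')
    [ -n "$protos" ] || fail "no ssl_protocols directive"
    for p in $protos; do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) fail "ssl_protocols allows $p" ;;
        esac
    done
    has '^[[:space:]]*server_tokens[[:space:]]+off;' || fail "server_tokens off missing"
    has 'add_header[[:space:]]+Strict-Transport-Security' || fail "HSTS header missing"
    has '^[[:space:]]*limit_req[[:space:]]' || fail "no limit_req rate limit"
    has '^[[:space:]]*client_max_body_size[[:space:]]' || fail "no client_max_body_size"
    return "$findings"
}

# Constructed sample (directive values are assumptions): an edit that kept the
# placeholder domain, re-enabled TLSv1.1 and commented out server_tokens.
sample_conf() {
    cat <<'EOF'
limit_req_zone $binary_remote_addr zone=ws:10m rate=5r/s;
server {
    listen 443 ssl;
    server_name ml.example.com;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # server_tokens off;
    client_max_body_size 10m;
    add_header Strict-Transport-Security "max-age=31536000" always;
    location /ws {
        limit_req zone=ws;
        proxy_pass http://127.0.0.1:9102;
    }
}
EOF
}

if [ "$#" -gt 0 ]; then audit_conf "$1"; fi
```

Saved under a hypothetical name such as audit.sh, it runs as sh audit.sh /etc/nginx/sites-available/fetchml. It complements nginx -t, which validates syntax only and accepts a file that lists TLSv1.1.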
SSL Certificates
Self-Signed (Dev/Testing)
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/fetchml.key \
-out /etc/ssl/certs/fetchml.crt \
-subj "/CN=ml.example.com"
Let's Encrypt (Production)
sudo apt-get install certbot python3-certbot-nginx
sudo certbot --nginx -d ml.example.com
Troubleshooting
Test Configuration
sudo nginx -t
Check Logs
sudo tail -f /var/log/nginx/fetchml_error.log
sudo tail -f /var/log/nginx/fetchml_access.log
Verify Proxy
curl -I https://ml.example.com/health
Common Issues
"Permission denied" error: Check that nginx user can access SSL certificates
sudo chmod 644 /etc/ssl/certs/fetchml.crt
sudo chmod 600 /etc/ssl/private/fetchml.key
WebSocket not working: Ensure your firewall allows the connection and that the backend is running
# Check backend
curl http://localhost:9102/health
# Check firewall
sudo firewall-cmd --list-all
Integration with Existing Nginx
If you already have nginx running, just drop fetchml-site.conf into your sites directory. It won't conflict with other sites.
The configuration is self-contained and only handles the specified server_name.