fetch_ml/nginx/README.md
Jeremie Fraeys 3de1e6e9ab feat: add comprehensive configuration and deployment infrastructure
- Add development and production configuration templates
- Include Docker build files for containerized deployment
- Add Nginx configuration with SSL/TLS setup
- Include environment configuration examples
- Add SSL certificate setup and management
- Configure application schemas and validation
- Support for both local and production deployment scenarios

Provides flexible deployment options from development to production
with proper security, monitoring, and configuration management.
2025-12-04 16:54:02 -05:00


# Nginx Configuration for FetchML
This directory contains nginx configurations for FetchML.
## Files
- **`fetchml-site.conf`** - Ready-to-use site configuration (recommended)
- **`nginx-secure.conf`** - Full standalone nginx config (advanced)
- **`setup-nginx.sh`** - Helper script for easy installation
## Quick Setup
### Option 1: Automated (Recommended)
```bash
sudo ./nginx/setup-nginx.sh
```
This will:
- Detect your nginx setup (Debian or RHEL style)
- Prompt for your domain and SSL certificates
- Install the configuration
- Test and reload nginx
### Option 2: Manual
**For Debian/Ubuntu:**
```bash
# 1. Edit fetchml-site.conf and change:
# - ml.example.com to your domain
# - SSL certificate paths
# - Port if not using 9102
# 2. Install
sudo cp nginx/fetchml-site.conf /etc/nginx/sites-available/fetchml
sudo ln -s /etc/nginx/sites-available/fetchml /etc/nginx/sites-enabled/
# 3. Test and reload
sudo nginx -t
sudo systemctl reload nginx
```
**For RHEL/Rocky/CentOS:**
```bash
# 1. Edit fetchml-site.conf (same as above)
# 2. Install
sudo cp nginx/fetchml-site.conf /etc/nginx/conf.d/fetchml.conf
# 3. Test and reload
sudo nginx -t
sudo systemctl reload nginx
```
## Configuration Details
### Endpoints
- `/ws` - WebSocket API (rate limited: 5 req/s)
- `/api/` - REST API (rate limited: 10 req/s)
- `/health` - Health check
- `/grafana/` - Grafana (commented out by default)
### Security Features
- TLSv1.2 and TLSv1.3 only
- Security headers (HSTS, CSP, etc.)
- Rate limiting per endpoint
- Request size limits (10MB)
- Version hiding
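
To confirm that a deployed instance actually serves the header-related features above, the following added example (not part of the FetchML repository) audits response headers piped from `curl -sI`. It assumes "version hiding" means `server_tokens off`, so the `Server` header carries no version number; the sample responses are constructed for illustration, and the rate limits, TLS versions and body size limit are not covered.

```bash
#!/usr/bin/env bash
# Added example: audit HTTP response headers for HSTS, CSP and version hiding.
# Live use (ml.example.com is the README's placeholder domain):
#   curl -sI https://ml.example.com/health | audit_headers

audit_headers() {
    local lower line failures=0
    # Header lines end in CRLF and names are case-insensitive: normalise both.
    lower=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')

    # HSTS must be present with a non-zero max-age (max-age=0 disables it).
    line=$(printf '%s\n' "$lower" | grep -m1 '^strict-transport-security:') || true
    if [ -z "$line" ]; then
        echo "FAIL: Strict-Transport-Security missing"; failures=$((failures + 1))
    elif ! printf '%s\n' "$line" | grep -Eq 'max-age="?[1-9]'; then
        echo "FAIL: HSTS max-age is zero or absent"; failures=$((failures + 1))
    else
        echo "ok:   HSTS enabled"
    fi

    # A Content-Security-Policy header must be sent.
    if printf '%s\n' "$lower" | grep -q '^content-security-policy:'; then
        echo "ok:   CSP present"
    else
        echo "FAIL: Content-Security-Policy missing"; failures=$((failures + 1))
    fi

    # Assumption: version hiding leaves "Server: nginx" with no x.y version.
    line=$(printf '%s\n' "$lower" | grep -m1 '^server:') || true
    if printf '%s\n' "$line" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo "FAIL: Server header exposes a version (${line#server: })"
        failures=$((failures + 1))
    else
        echo "ok:   no version in Server header"
    fi
    return "$failures"   # exit status = number of findings
}

# Constructed sample responses (not captured from a real FetchML host).
GOOD="HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'"
BAD="HTTP/1.1 200 OK
Server: nginx/1.24.0
Strict-Transport-Security: max-age=0"

for sample in "$GOOD" "$BAD"; do
    printf '%s\n' "$sample" | audit_headers; echo "-> $? finding(s)"
done
```

The function's exit status is the number of findings, so it can gate a deployment step directly.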
### What to Change
Before using, update these values in `fetchml-site.conf`:
1. **Domain**: Replace `ml.example.com` with your domain
2. **SSL Certificates**: Update paths to your actual certificates
3. **Port**: Change `9102` if using a different port
4. **Grafana**: Uncomment if you want to expose it
## SSL Certificates
### Self-Signed (Dev/Testing)
```bash
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/fetchml.key \
-out /etc/ssl/certs/fetchml.crt \
-subj "/CN=ml.example.com"
```
### Let's Encrypt (Production)
```bash
sudo apt-get install certbot python3-certbot-nginx
sudo certbot --nginx -d ml.example.com
```
## Troubleshooting
### Test Configuration
```bash
sudo nginx -t
```
### Check Logs
```bash
sudo tail -f /var/log/nginx/fetchml_error.log
sudo tail -f /var/log/nginx/fetchml_access.log
```
### Verify Proxy
```bash
curl -I https://ml.example.com/health
```
### Common Issues
**"Permission denied" error**: Check that the nginx user can access the SSL certificates
```bash
sudo chmod 644 /etc/ssl/certs/fetchml.crt
sudo chmod 600 /etc/ssl/private/fetchml.key
```
**WebSocket not working**: Ensure your firewall allows the connection and the backend is running
```bash
# Check backend
curl http://localhost:9102/health
# Check firewall
sudo firewall-cmd --list-all
```
## Integration with Existing Nginx
If you already have nginx running, just drop `fetchml-site.conf` into your sites directory. It won't conflict with other sites.
The configuration is self-contained and only handles the specified `server_name`.