search

anonaddy / addy.io

The source code for addy.io landing page
https://addy.io
MIT License
42 stars 14 forks source link

Self hosting question for .com #17

Closed asimplechap closed 2 years ago

asimplechap commented 2 years ago

I apologise if this is daft. I found the self hosting guide for the app portion. Is there a guide for this part? The .com portion. Cheers

willbrowningme commented 2 years ago

No there isn't a guide for the landing page (anonaddy.com).

anonaddy.com is simply a static site that uses https://jigsaw.tighten.com/ to generate the static files in the build_production folder.

So you would just need to create an Nginx block that points to the build_production directory and make sure you've run npm run production.

For example adapting the Nginx config from the self-hosting instructions:

server {
        listen 80;
        listen [::]:80;

        server_name example.com;
        return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /var/www/example.com/build_production;
    server_tokens off;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'";
    add_header Referrer-Policy "origin-when-cross-origin";
    add_header Expect-CT "enforce, max-age=604800";

    index index.html;

    charset utf-8;

    ssl_certificate             /etc/nginx/conf.d/example.com.d/server.crt;
    ssl_certificate_key         /etc/nginx/conf.d/example.com.d/server.key;
    ssl_trusted_certificate     /root/.acme.sh/example.com/fullchain.cer;

    ssl_prefer_server_ciphers   on;
    ssl_session_timeout         5m;
    ssl_protocols               TLSv1.2 TLSv1.3;
    ssl_stapling                on;
    ssl_stapling_verify         on;
    ssl_ciphers                 "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_ecdh_curve              secp384r1;
    ssl_session_cache           shared:SSL:10m;
    ssl_session_tickets         off;
    ssl_dhparam                 /etc/nginx/ssl/dhparam.pem;

    location / {
        default_type "text/html";
        expires     24h;
        add_header  Cache-Control "public";
        try_files $uri.html $uri $uri/ =404;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /404;

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
asimplechap commented 2 years ago

What about database calls? I have it installed in /var/www/anonaddy.com and the main app is in ./anonaddy Looking at the code in the directory, I am searching for the database data so I can have different tiers. thanks

willbrowningme commented 2 years ago

This site (anonaddy.com) is a completely static site, there are no database calls at all, it does not connect to any database. All pages are generated from the markdown and blade files.