arunoda / meteor-up-legacy

Production Quality Meteor Deployments
MIT License

Customising the Nginx environment in mupx #738

Open teknetia opened 8 years ago

teknetia commented 8 years ago

I'm using mupx to deploy, which is working great, but there are some things I want to modify within Nginx, such as enabling HSTS to ensure that http doesn't get used when it shouldn't, and certificate based authentication for a bunch of my devices that I don't want to need to have passwords for.

Is that possible or if not, is there a way I can manage Nginx separately to handle all of that kind of stuff?

MasterJames commented 8 years ago

This is not an easy proposition at this time. mupx uses https://github.com/meteorhacks/mup-frontend-server when SSL is enabled.

Ultimately you're looking at modifying the docker image. http://docs.docker.com/engine/userguide/dockerimages/

There is a recent post that someone is doing a PR this weekend to be able to change the dockerImage but I suspect that's in mup and not mupx's ssl? There are surely a few other ways to inject something via this 'docker exec' technique etc. docker exec -it bash

Yes, you could also deploy nginx (in another docker) separately as a proxy, with HSTS etc.

You could modify your mupx start.sh here https://github.com/arunoda/meteor-up/blob/mupx/templates/linux/start.sh#L45 to point to a different front-end container and run a different /start.sh found after npm installs mupx here /usr/local/lib/node_modules/mupx/templates/linux/start.sh

teknetia commented 8 years ago

Thanks for the details @MasterJames, I'll do some investigations into the docker image creation option. I assume the docker image is built using the repo you reference by the looks of it?

Wouldn't it be great if you could point to different docker images or config files! I guess my best bet is going to be to fork and modify to suit.

MasterJames commented 8 years ago

I'm no expert here just learning and helping, your issue is advanced for sure. I found a more official link that might be useful here. https://github.com/arunoda/meteor-up/wiki/Using-Meteor-Up-with-NginX-vhosts Seems that's maybe mup and not mupx (more my focus).

MasterJames commented 8 years ago

Oh I thought to look into Atmosphere and search HSTS https://atmospherejs.com/3stack/hsts but maybe not so useful.

teknetia commented 8 years ago

Might be a good temporary solution, but ultimately I need to modify the server for certificate based authority anyhow. Will have to do some digging!

adrianmcli commented 8 years ago

Was wondering if @teknetia found a solution to customize the settings for nginx. I need to do some subdomain routing and I'm not sure how to get at the configuration.

MasterJames commented 8 years ago

This is an older thread now. Probably loads of transformative changes since then, well maybe not in this version so I figured I better mention that there is a port over at kadirahq/meteor-up to try and consider first. I'm not sure the documentation has been caught up to the development branch mupx here with the newer solutions like hooks and custom docker images etc. I thought meteor 1.3 was going to have a new version of nodejs integrated to solve the SSL TLS problem which is required and handled currently by nginx docker image etc. Only a few weeks ago I saw a Meteor thread about making it work with any version of node, so that's still in the pipeline. Also note Meteor 1.3.2.2 is a brand new official update and solves module fiber errors that occur with deployment.

ckiely91 commented 8 years ago

I managed to do this by forking the kadirahq/meteor-up repo and updating the src/meteor/assets/start.sh template. The modified start.sh template would look something like this at the bottom:

```sh
# Build a derived front-end image; a failed build does not abort the script (set +e).
set +e
docker build -t meteorhacks/mup-frontend-server-modified - << EOF
FROM meteorhacks/mup-frontend-server:latest
# Write a docker script to update/replace /opt/nginx/conf/nginx.conf here
EOF
set -e

# The /home/blog/www volume below is an example: mount additional volumes if necessary.
# (A comment cannot follow a trailing backslash, so it lives here instead of inline.)
docker run \
  -d \
  --restart=always \
  --volume=/opt/$APPNAME/config/bundle.crt:/bundle.crt \
  --volume=/opt/$APPNAME/config/private.key:/private.key \
  --volume=/home/blog/www:/blog \
  --link=$APPNAME:backend \
  --publish=443:443 \
  --name=$APPNAME-frontend \
  meteorhacks/mup-frontend-server-modified /start.sh
```

It's not really an ideal solution so perhaps waiting for them to implement deployment hooks in the new repo would be the best way to go.
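
An nginx.conf of the kind the Dockerfile step above would install, covering the HSTS and client-certificate requirements from the opening post. This is an added example, not part of the thread and not mup-frontend-server's own configuration; the `/client-ca.crt` mount, the backend port 80 and the `X-Client-DN` header name are assumptions.

```nginx
# Added example (not the project's nginx.conf).
# /bundle.crt and /private.key are the paths mounted by the docker run above.
# /client-ca.crt is a hypothetical extra --volume holding the CA that signs
# the device certificates.
events {}

http {
    server {
        listen 443 ssl;

        ssl_certificate     /bundle.crt;
        ssl_certificate_key /private.key;

        # Client-certificate authentication: requests without a certificate
        # that chains to this CA are rejected by nginx with a 400 response.
        # Use "optional" instead of "on" and test $ssl_client_verify if some
        # clients must still be allowed in by other means.
        ssl_client_certificate /client-ca.crt;
        ssl_verify_client      on;
        ssl_verify_depth       2;

        # HSTS: a browser that has seen this header refuses plain http to this
        # host for max-age seconds. "always" also sends it on error responses.
        # Caveat: a location block that declares its own add_header stops
        # inheriting this one, so repeat it there if you add any.
        add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            # "backend" is the alias from --link=$APPNAME:backend; port 80 is assumed.
            proxy_pass http://backend:80;
            proxy_http_version 1.1;

            # WebSocket upgrade headers for Meteor's DDP connection.
            proxy_set_header Upgrade    $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host       $host;

            # Set explicitly so client-supplied headers of the same name are overwritten.
            proxy_set_header X-Forwarded-For   $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Client-DN       $ssl_client_s_dn;
        }
    }
}
```

Running `nginx -t` inside the modified container validates the file before the front end is restarted.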

MasterJames commented 8 years ago

Yup well done. Thanks for sharing.

onucharles commented 8 years ago

Hi @MasterJames Can I use Nginx with Mupx?

MasterJames commented 8 years ago

This thread covers a lot about it.

https://github.com/arunoda/meteor-up/issues/661

It's what is in the front-end certainly the same with the kadirahq/meteor-up port I'm sure.

sahanDissanayake commented 8 years ago

@MasterJames Can this issue be solved with your package ? https://forums.meteor.com/t/allow-user-to-go-https-or-http-for-one-route/25069 ?

MasterJames commented 8 years ago

Nothing on my end currently. When Meteor works with nodejs 6 won't it have TLS aka SSL built into it and then no more need for nginx? https://nodejs.org/api/tls.html Long time to wait for most I guess but that's always been my/the plan. Reduce complexity is the primary goal. Especially while rushing like Lemmings towards the "singularity". Okay so I followed the link and so if you're talking iframe then maybe a different server on another port with cross domain policy would make it possible.