Scripts for installing and starting the app and nginx proxy. Includes systemd user service units and nginx configs for both user-mode 8443 and system-mode 443.
90 lines
2.1 KiB
Markdown
90 lines
2.1 KiB
Markdown
# Local Kanban Nginx
|
|
|
|
## Current User-Mode HTTPS Proxy
|
|
|
|
This repo includes a user-mode Nginx config that does not require sudo:
|
|
|
|
```bash
|
|
nginx -c /home/gahow/projects/kanban/deploy/nginx.user-8443.conf \
|
|
-p /home/gahow/projects/kanban/.nginx
|
|
```
|
|
|
|
It listens on:
|
|
|
|
```text
|
|
https://gahow-pc.ipads-lab.se.sjtu.edu.cn:8443
|
|
```
|
|
|
|
It uses the self-signed certificate under `deploy/certs/`, so browsers will show a certificate warning unless the certificate is trusted locally.
|
|
|
|
Reload it with:
|
|
|
|
```bash
|
|
nginx -s reload \
|
|
-c /home/gahow/projects/kanban/deploy/nginx.user-8443.conf \
|
|
-p /home/gahow/projects/kanban/.nginx
|
|
```
|
|
|
|
Stop it with:
|
|
|
|
```bash
|
|
nginx -s stop \
|
|
-c /home/gahow/projects/kanban/deploy/nginx.user-8443.conf \
|
|
-p /home/gahow/projects/kanban/.nginx
|
|
```
|
|
|
|
## Production 443 Proxy
|
|
|
|
For port 443, install `deploy/nginx.local-kanban.conf` into the system Nginx site directory and use a trusted certificate. The root domain serves the portal page, and individual apps keep their own ports:
|
|
|
|
```bash
|
|
sudo cp deploy/nginx.local-kanban.conf /etc/nginx/sites-available/local-kanban
|
|
sudo ln -sf /etc/nginx/sites-available/local-kanban /etc/nginx/sites-enabled/local-kanban
|
|
sudo nginx -t
|
|
sudo systemctl reload nginx
|
|
```
|
|
|
|
The install script intentionally does not bind port 80 by default, because another local service may already own it. Enable HTTP-to-HTTPS redirect only when port 80 is free:
|
|
|
|
```bash
|
|
KANBAN_ENABLE_HTTP_REDIRECT=1 ./scripts/install-nginx-system.sh
|
|
```
|
|
|
|
The Node app should run only on localhost behind Nginx:
|
|
|
|
```bash
|
|
KANBAN_HOST=127.0.0.1 \
|
|
KANBAN_PORT=5180 \
|
|
KANBAN_AUTH_SECURE_COOKIE=1 \
|
|
KANBAN_REQUIRE_HTTPS=1 \
|
|
npm start
|
|
```
|
|
|
|
Kanban is then normally reached through the user-mode HTTPS proxy on:
|
|
|
|
```text
|
|
https://gahow-pc.ipads-lab.se.sjtu.edu.cn:8443/
|
|
```
|
|
|
|
## Persistent User Services
|
|
|
|
Use the user-level systemd units when the service should stay up without an open shell:
|
|
|
|
```bash
|
|
./scripts/install-user-systemd.sh
|
|
```
|
|
|
|
This installs and starts:
|
|
|
|
```text
|
|
local-kanban.service
|
|
local-kanban-nginx-8443.service
|
|
```
|
|
|
|
Check them with:
|
|
|
|
```bash
|
|
systemctl --user status local-kanban.service
|
|
systemctl --user status local-kanban-nginx-8443.service
|
|
```
|