Files
kanban/deploy/README.md
Gahow Wang 72289d2c75 ops: add deployment scripts and nginx/systemd configs
Scripts for installing and starting the app and nginx proxy.
Includes systemd user service units and nginx configs for
both user-mode 8443 and system-mode 443.
2026-05-15 11:14:16 +08:00

90 lines
2.1 KiB
Markdown

# Local Kanban Nginx
## Current User-Mode HTTPS Proxy
This repo includes a user-mode Nginx config that does not require sudo:
```bash
nginx -c /home/gahow/projects/kanban/deploy/nginx.user-8443.conf \
-p /home/gahow/projects/kanban/.nginx
```
It listens on:
```text
https://gahow-pc.ipads-lab.se.sjtu.edu.cn:8443
```
It uses the self-signed certificate under `deploy/certs/`, so browsers will show a certificate warning unless the certificate is trusted locally.
Reload it with:
```bash
nginx -s reload \
-c /home/gahow/projects/kanban/deploy/nginx.user-8443.conf \
-p /home/gahow/projects/kanban/.nginx
```
Stop it with:
```bash
nginx -s stop \
-c /home/gahow/projects/kanban/deploy/nginx.user-8443.conf \
-p /home/gahow/projects/kanban/.nginx
```
## Production 443 Proxy
For port 443, install `deploy/nginx.local-kanban.conf` into the system Nginx site directory and use a trusted certificate. The root domain serves the portal page, and individual apps keep their own ports:
```bash
sudo cp deploy/nginx.local-kanban.conf /etc/nginx/sites-available/local-kanban
sudo ln -sf /etc/nginx/sites-available/local-kanban /etc/nginx/sites-enabled/local-kanban
sudo nginx -t
sudo systemctl reload nginx
```
The install script intentionally does not bind port 80 by default, because another local service may already own it. Enable HTTP-to-HTTPS redirect only when port 80 is free:
```bash
KANBAN_ENABLE_HTTP_REDIRECT=1 ./scripts/install-nginx-system.sh
```
The Node app should run only on localhost behind Nginx:
```bash
KANBAN_HOST=127.0.0.1 \
KANBAN_PORT=5180 \
KANBAN_AUTH_SECURE_COOKIE=1 \
KANBAN_REQUIRE_HTTPS=1 \
npm start
```
Kanban is then normally reached through the user-mode HTTPS proxy on:
```text
https://gahow-pc.ipads-lab.se.sjtu.edu.cn:8443/
```
## Persistent User Services
Use the user-level systemd units when the service should stay up without an open shell:
```bash
./scripts/install-user-systemd.sh
```
This installs and starts:
```text
local-kanban.service
local-kanban-nginx-8443.service
```
Check them with:
```bash
systemctl --user status local-kanban.service
systemctl --user status local-kanban-nginx-8443.service
```