updated rust version, minor fixes

This commit is contained in:
2026-06-07 16:26:42 +02:00
parent b4874ad318
commit 841e8419b0
7 changed files with 143 additions and 18 deletions
+41
View File
@@ -145,6 +145,47 @@ docker compose down -v # stop and wipe all data — careful!
docker compose up --build -d # rebuild after pulling code changes
```
### Optional: Apache reverse proxy (TLS termination)
If you want to expose the app under a domain with HTTPS, put Apache in front of the `frontend` container (which keeps listening on `localhost:8080`) and let Apache handle TLS. Enable the required modules first:
```sh
sudo a2enmod proxy proxy_http proxy_wstunnel ssl headers
```
Then a vhost like this proxies everything — including the WebSocket-capable Vite/axios traffic and the `/api/` calls the frontend's nginx already forwards to the backend — to the container:
```apache
<VirtualHost *:443>
ServerName rss.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto "https"
ErrorLog ${APACHE_LOG_DIR}/rss-error.log
CustomLog ${APACHE_LOG_DIR}/rss-access.log combined
</VirtualHost>
# Redirect plain HTTP to HTTPS
<VirtualHost *:80>
ServerName rss.example.com
Redirect permanent / https://rss.example.com/
</VirtualHost>
```
Notes for this setup:
- Set `FRONTEND_ORIGIN=https://rss.example.com` in your root `.env` so the backend's CORS check allows the proxied origin, then `docker compose up --build -d backend`.
- You no longer need to publish port `8080` to the LAN — change the `frontend` service's port mapping in `docker-compose.yml` to `"127.0.0.1:8080:80"` so only Apache (on the same host) can reach it.
- Obtain the certificate with `certbot --apache -d rss.example.com` (via the [Certbot](https://certbot.eff.org/) Apache plugin), which can also write the vhost and set up auto-renewal for you.
### Notes
- Migrations run automatically at backend startup — no manual `diesel` step needed in production.