updated rust version, minor fixes
This commit is contained in:
@@ -145,6 +145,47 @@ docker compose down -v # stop and wipe all data — careful!
|
||||
docker compose up --build -d # rebuild after pulling code changes
|
||||
```
|
||||
|
||||
### Optional: Apache reverse proxy (TLS termination)
|
||||
|
||||
If you want to expose the app under a domain with HTTPS, put Apache in front of the `frontend` container (which keeps listening on `localhost:8080`) and let Apache handle TLS. Enable the required modules first:
|
||||
|
||||
```sh
|
||||
sudo a2enmod proxy proxy_http proxy_wstunnel ssl headers
|
||||
```
|
||||
|
||||
Then a vhost like this proxies everything — including the WebSocket-capable Vite/axios traffic and the `/api/` calls the frontend's nginx already forwards to the backend — to the container:
|
||||
|
||||
```apache
|
||||
<VirtualHost *:443>
|
||||
ServerName rss.example.com
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyPass / http://127.0.0.1:8080/
|
||||
ProxyPassReverse / http://127.0.0.1:8080/
|
||||
|
||||
RequestHeader set X-Forwarded-Proto "https"
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/rss-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/rss-access.log combined
|
||||
</VirtualHost>
|
||||
|
||||
# Redirect plain HTTP to HTTPS
|
||||
<VirtualHost *:80>
|
||||
ServerName rss.example.com
|
||||
Redirect permanent / https://rss.example.com/
|
||||
</VirtualHost>
|
||||
```
|
||||
|
||||
Notes for this setup:
|
||||
|
||||
- Set `FRONTEND_ORIGIN=https://rss.example.com` in your root `.env` so the backend's CORS check allows the proxied origin, then `docker compose up --build -d backend`.
|
||||
- You no longer need to publish port `8080` to the LAN — change the `frontend` service's port mapping in `docker-compose.yml` to `"127.0.0.1:8080:80"` so only Apache (on the same host) can reach it.
|
||||
- Obtain the certificate with `certbot --apache -d rss.example.com` (via the [Certbot](https://certbot.eff.org/) Apache plugin), which can also write the vhost and set up auto-renewal for you.
|
||||
|
||||
### Notes
|
||||
|
||||
- Migrations run automatically at backend startup — no manual `diesel` step needed in production.
|
||||
|
||||
Reference in New Issue
Block a user