feat: add example nginx ssl reverse proxy service (#535)

2026-04-21 13:37:15 +00:00 · 2024-12-17 10:29:54 -08:00 · 2024-12-17 10:29:54 -08:00 · 3f0e564b0d
commit 3f0e564b0d
parent 48a6145776
3 changed files with 84 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,5 +1,19 @@
 name: hdx-oss
 services:
+  # ONLY USED FOR DEMO SSL SETUP
+  # nginx:
+  #   image: nginx:1.27.3
+  #   volumes:
+  #     - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+  #     - ./docker/nginx/ssl:/etc/nginx/ssl
+  #     - .volumes/nginx_logs:/var/log/nginx
+  #   ports:
+  #     - 80:80
+  #     - 443:443
+  #   networks:
+  #     - internal
+  #   depends_on:
+  #     - app
  # go-parser:
  #   image: ${IMAGE_NAME_HDX}:${IMAGE_VERSION}-go-parser
  #   environment:
--- a/docker/nginx/README.md
+++ b/docker/nginx/README.md
@ -0,0 +1,15 @@
+# Setup SSL nginx reverse proxy
+
+1. Install mkcert [mkcert](https://github.com/FiloSottile/mkcert)
+2. Exec `mkcert mydomain.local` and `mkcert -install`
+3. Make sure the pem files are used in the nginx.conf file
+4. Update HYPERDX_APP_URL to https://mydomain.local in the .env file
+5. Update HYPERDX_APP_PORT to 443 (same as the nginx server port) in the .env file
+6. Add the following to the /etc/hosts file
+```
+127.0.0.1 mydomain.local
+```
+7. Comment out ports mapping in the docker-compose.yml file for `app` service (so that the app is not exposed to the host)
+8. Enable nginx service in the docker-compose.yml file
+9. Run `docker-compose up -d`
+10. Open https://mydomain.local in the browser
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@ -0,0 +1,55 @@
+# Main NGINX configuration
+user nginx;
+worker_processes auto;
+
+# Error log
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+# Events block
+events {
+    worker_connections 1024;
+}
+
+# HTTP block: Place your server block here
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Logging
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    # Gzip compression
+    gzip on;
+
+    # Redirect HTTP to HTTPS
+    server {
+        listen 80;
+        server_name mydomain.local www.mydomain.local;
+
+        return 301 https://$host$request_uri;
+    }
+
+    # HTTPS reverse proxy
+    server {
+        listen 443 ssl;
+        server_name mydomain.local www.mydomain.local;
+
+        # TLS settings
+        ssl_certificate /etc/nginx/ssl/mydomain.local.pem;
+        ssl_certificate_key /etc/nginx/ssl/mydomain.local-key.pem;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers HIGH:!aNULL:!MD5;
+
+        location / {
+            # Points to the HyperDX app service
+            proxy_pass http://app:443;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+}