MUP auto extend let's encrypt - meteor

I need to auto extend my certificates but without manually configuring certbot or any action that would require me to SSH into the server. How is or possible to do it only using the mup config file and maybe hooks + js files?

Meteor-up (mup) does so automatically. A configuration like this works for me in mup.js:
proxy: {
domains: 'example.com,www.example.com,example.org',
ssl: {
letsEncryptEmail: 'your-email-for-letsencrypt#somewhere.com'
}
}

Related

NGINX environment-based routing

I have a single application running in multiple K8s clusters; Let's say there is a frontend service, and two backend ones.
I use NGINX proxy the requests from the frontend to the backend services. Regular NGINX edition, not NGINX+.
Here is the nginx.conf:
server {
....
set $back1 "<k8s hostname for the backend1 service>";
set $back2 "<k8s hostname for the backend2 service>";
location /back1 {
rewrite ^/back1/(.*)$ /$1 break;
proxy_pass http://$back1;
}
<and same for the backend 2 service>
}
So basically, what happens is that in my frontend application, I set the backend service address to localhost/back1 and localhost/back2, the requests hit NGINX which strips off those back1 and back2 prefixes and call whatever endpoint I specify after in the actual backend services in K8s.
As I have multiple K8s clusters, the backend services hostnames differ, and I need to account for that in my NGINX conf.
The question is:
Is there a way for NGINX to differentiate between my K8s clusters?
Perhaps I can pass an environment variable to the container running my frontend service, and make an if statement in nginx.conf. Something like:
server {
if (${env} = "cluster1") {
set $back1 = "<cluster1 hostname>"
}
if (${env} = "cluster2") {
set $back1 = "<cluster2 hostname>"
}
}
Or if I can execute a shell command in the nginx conf to get the hostname and write similar if blocks.
I would appreciate any help on this matter!
I went a different route - via templates, environment variables, and envsubst utility which is shipping in the latest nginx docker images.
In template:
set $upstream_back1 "${BACK1}";
set $upstream_back2 "${BACK2}";
In Dockerfile
RUN envsubst < yourtemplate > /etc/nginx/nginx.conf

Trying to set file upload limit in mup/nginx-proxy

I am running into a file upload error with files > 10M. I have followed the advice here: http://meteor-up.com/docs.html#advanced-configuration which says how to set it in the nginx proxy by setting the clientUploadLimit: '50M'
I pushed the changes using mup proxy reconfig-shared, and it told me it had restarted the proxy. It didn't work, I still get the 413 (Request Entity Too Large) error.
I checked inside the nginx-proxy docker instance, and the file /etc/nginx/conf.d/my_proxy.conf has the correct entry client_max_body_size 50M. I restarted the EC2 box to make sure, but it's still not working.
This article https://www.tecmint.com/limit-file-upload-size-in-nginx/ suggests that the setting needs to go inside a http block, like this:
By default, Nginx has a limit of 1MB on file uploads. To set file upload size, you can use the client_max_body_size directive, which is part of Nginx’s ngx_http_core_module module. This directive can be set in the http, server or location context.
http {
client_max_body_size 100M;
}
I can't see how to achieve this, as the .conf file is read only and somehow locked.
Any ideas on how to proceed?
I suppose I could try a custom nginx.conf file, but I'm not sure what should go in there, and in fact whether it will even improve the situation.
Any help is appreciated :)
I'm happy to report that I solved it... I will explain how.
I was setting the limit in the nginx reverse proxy in the mup.js file
proxy: {
domains: 'website.com,www.website.com',
shared: { clientUploadLimit: '50M' }
}
But it turns out that there is an option to set it for each independent server like this:
proxy: {
domains: 'website.com,www.website.com',
clientUploadLimit: '50M'
}
The limit was being set to 10M by default. I found it by shelling into the nginx-proxy docker image and doing a search with the command grep -R client_max_body_size /etc/nginx and it showed me all the places where it was set (for each vhost)
So I changed the mup.js file for my server, did a mup stop, and a mup setup (to re-do the settings) and then a mup deploy
Now this is speculation but have you tried going to the docker container's root shell changed the permissions to give write permission to root or your user chmod 760 /etc/nginx/nginx.conf and edit the nginx file there?

Cant connect Browsersync with DDEV nginx server, because SSL Error

I'm running DDEV nginx server on Bedrock wordpress site and trying to load snippet for Browsersync.
gulpfile.js browserSync task:
browserSync.init({
proxy: {
target: "https://web.ddev.site"
},
https: {
key: "/Users/user/Library/Application Support/mkcert/rootCA-key.pem",
cert: "/Users/user/Library/Application Support/mkcert/rootCA.pem"
}, open:false});
Browser doesnt load snippet and print following error:
(index):505 GET https://web.ddev.site:3000/browser-sync/browser-sync-client.js?v=2.26.7 net::ERR_SSL_KEY_USAGE_INCOMPATIBLE
How can I get this two things to work together? Before DDEV I was using MAMP but DDEV has much better performance and I want to switch to this app. Thanks for help.
The problem was bad ssl certificates file. It was necessary to use docker container certificate. Proxy option is not anymore required.
After setup ddev container, you need to copy docker certificate to some location:
docker cp ddev-router:/etc/nginx/certs ~/tmp
After that just update path to correct certificates files. My gulpfile task now looks like this:
browserSync.init({https: {
key: "/Users/username/tmp/master.key",
cert: "/Users/username/tmp/master.crt"
}, open:false});
Thanks #rfay for solution!

Vue host development server web socket in subdirectory

I'm trying to host a Vue development server (including the web socket) in a subdirectory of my domain using nginx, but with my current setup it looks like the vue server is responding to requests instead of the webpack development server.
To be clear, I want my app to be hosted on https://xxx.yyy/zzz/, I want assets, etc hosted in https://xxx.yyy/zzz/path/to/asset, and I want the webpack dev server hosted in https://xxx.yyy/zzz/sockjs-node/info?t=.... I'm pretty sure this should be possible without special casing the nginx setup because it works without the subdirectory.
Here's my setup so far:
nginx
server {
# server name, ssl, etc
location /test/ {
proxy_pass http://localhost:8080;
}
}
Create the project
$ vue create -d hello-world
vue.config.js
module.exports = {
publicPath: '/test/',
devServer: {
public: "0.0.0.0/test",
disableHostCheck: true,
}
}
Then running
$ npm run serve
The client makes requests to all the right places, but
$ curl https://xxx.yyy/test/sockjs-node/info
gives back index.html, whereas
$ curl localhost:8080/sockjs-node/info
gives back the expected websocket info. I have also tried changing the nginx setup to proxy_pass http://localhost:8080/;, but that causes index.html to not render when I go to https://xxx.yyy/test/ because it's expecting a path and isn't being forwarded one. When I also change publicPath to /, I can't get the client to look in the right subdirectory for assets.
Is there a correct way to do this?
It is possible to set the socket path using:
module.exports = {
//...
devServer: {
sockPath: 'path/to/socket',
}
};
In this case:
sockPath: '/test/sockjs-node',

Grunt connect or grunt serve?

I don't quite get the difference between the two. From the description, seems like both are for opening webserver.
If i used the grunt-serve plugin with the following configurations on my gruntfile.js
serve: {
options: {
port: 9000
}
}
I can open a webserver at the specified port, though i have to open the webserver manually at the browser (not sure how to make it open automatically on my default browser). The webserver is working fine, and can load JSON files without any problem.
However when i tried to do it with grunt connect plugin, with the following configurations
connect: {
server: {
options: {
port: 9000,
livereload: 35729,
hostname: 'localhost',
keepalive:true,
open:true
}
}
},
open: {
dev: {
url: 'http://localhost:<%= connect.server.options.port %>/index.html'
}
}
grunt.registerTask('serve', function (target) {
grunt.task.run([
'connect',
'open:dev'
]);
});
I could automatically opened a webserver at the specified port on my default browser, but the catch is, it couldn't load the JSON data like how grunt serve did.
I'd like to make the webserver works like Yeoman, where when running the command grunt serve, it would connect to the webserver and automatically open it on my default browser, and can load all my PHP/json files. Seems like grunt-serve plugin is the right plugin for this, but i'm sure grunt-connect can do the same thing as grunt-serve too.
according to https://github.com/gruntjs/grunt-contrib-connect the connect task makes the server available for a limited amount of time in order to run other tasks such as unit testing. Once the tasks are complete the server stops. As you have shown there is a keepalive option to prevent the server from stopping. Connect is also useful for connecting to resources on another domain such as a REST API. Typically this would be denied by the browser due to the same origin policy - see https://github.com/drewzboto/grunt-connect-proxy.
So for development I would use the standard pattern "grunt serve" and connect for testing and proxying to resources on another domain :-)

Resources