From 6cc77adbab3b9620a55dae9d87edbbd1d8cb26d5 Mon Sep 17 00:00:00 2001 From: Leendert de Borst Date: Thu, 7 Aug 2025 08:09:56 +0200 Subject: [PATCH] Rename to allinone, make compatible with default nginx.conf (#1098) --- apps/server/nginx.single.conf | 106 ------------------ ...lecontainer => Dockerfile.server.allinone} | 12 +- dockerfiles/README.md | 4 +- 3 files changed, 11 insertions(+), 111 deletions(-) delete mode 100644 apps/server/nginx.single.conf rename dockerfiles/{Dockerfile.server.singlecontainer => Dockerfile.server.allinone} (96%) diff --git a/apps/server/nginx.single.conf b/apps/server/nginx.single.conf deleted file mode 100644 index 4ad908bd1..000000000 --- a/apps/server/nginx.single.conf +++ /dev/null @@ -1,106 +0,0 @@ -events { - worker_connections 1024; -} - -http { - client_max_body_size 25M; - - upstream client { - server localhost:3000; - } - - upstream api { - server localhost:3001; - } - - upstream admin { - server localhost:3002; - } - - # Preserve any existing X-Forwarded-* headers, this is relevant if AliasVault - # is running behind another reverse proxy. - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Forwarded-For; - real_ip_recursive on; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Enable gzip compression, which reduces the amount of data that needs to be transferred - # to speed up WASM load times. - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - server { - listen 80; - server_name _; - - # Redirect all HTTP traffic to HTTPS - location / { - return 301 https://$host$request_uri; - } - } - - server { - listen 443 ssl; - server_name _; - - # Include the appropriate SSL certificate configuration generated - # by the entrypoint script. - include /etc/nginx/ssl.conf; - - # Security headers - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Content-Security-Policy "frame-ancestors 'self'" always; - - # Admin interface - location /admin { - proxy_pass http://admin; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Prefix /admin/; - - # Rewrite HTTP redirects to HTTPS - proxy_redirect http:// https://; - - # Add WebSocket support for Blazor server - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } - - # API endpoints - location /api { - proxy_pass http://api; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - # Client app (root path) - location / { - proxy_pass http://client; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # Rewrite HTTP redirects to HTTPS - proxy_redirect http:// https://; - } - } -} \ No newline at end of file diff --git a/dockerfiles/Dockerfile.server.singlecontainer b/dockerfiles/Dockerfile.server.allinone similarity index 96% rename from dockerfiles/Dockerfile.server.singlecontainer rename to dockerfiles/Dockerfile.server.allinone index 44479ee31..00f5b7d39 100644 --- a/dockerfiles/Dockerfile.server.singlecontainer +++ b/dockerfiles/Dockerfile.server.allinone @@ -90,7 +90,13 @@ COPY --from=dotnet-builder /app/taskrunner /app/taskrunner COPY apps/server/AliasVault.Client/nginx.conf /app/client/nginx.conf # Copy nginx configuration for single container deployment -COPY apps/server/nginx.single.conf /etc/nginx/nginx.single.conf +COPY apps/server/nginx.conf /etc/nginx/nginx.conf + +# Replace "client", "api" and "admin" hostnames with "localhost" in nginx.conf +# to accommodate for the single-container setup +RUN sed -i 's/client:3000/localhost:3000/g' /etc/nginx/nginx.conf && \ + sed -i 's/api:3001/localhost:3001/g' /etc/nginx/nginx.conf && \ + sed -i 's/admin:3002/localhost:3002/g' /etc/nginx/nginx.conf # ============================================ # S6 Service Definitions @@ -291,8 +297,8 @@ RUN mkdir -p /etc/s6-overlay/s6-rc.d/nginx && \ echo 'ssl_prefer_server_ciphers off;'; \ echo 'SSLEOF'; \ echo ''; \ - echo '# Use single container nginx configuration'; \ - echo 'cp /etc/nginx/nginx.single.conf /etc/nginx/nginx.conf'; \ + echo '# Use container nginx configuration'; \ + echo 'cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf'; \ echo ''; \ echo '# Wait for all services to be ready'; \ echo 'echo "Waiting for services to be ready..."'; \ diff --git a/dockerfiles/README.md b/dockerfiles/README.md index 7c48e7bee..3455edd85 100644 --- a/dockerfiles/README.md +++ b/dockerfiles/README.md @@ -10,8 +10,8 @@ Used to locally build Docker images from source instead of retrieving pre-built ### `docker-compose.dev.yml` Contains containers for aiding in local development of AliasVault. Provides a separate PostgreSQL instance for development on port 5433, managed via `./install.sh configure-dev-db`. -### `Dockerfile.server.singlecontainer` -This is a standalone single-container build for easy self-hosting, using s6-overlay to run multiple services (database, API, web, smtp, task runner) inside one image. +### `Dockerfile.server.allinone` +This is a all-in-one single-container build of the full AliasVault server stack for easy self-hosting, using s6-overlay to run multiple services (database, API, web, smtp, task runner) in one image. This build is primarily intended for **limited platforms** like NAS devices, Unraid, or other **small home-use scenarios** where simplicity is preferred over flexibility.