diff --git a/README.md b/README.md index 3d5ea4a7a..414c01645 100644 --- a/README.md +++ b/README.md @@ -169,13 +169,15 @@ Instructions for running BookWyrm in production: - Set a secure database password for postgres - Update your nginx configuration in `nginx/default.conf` - Replace `your-domain.com` with your domain name + - If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`. - If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy) - Run the application (this should also set up a Certbot ssl cert for your domain) with `docker-compose up --build`, and make sure all the images build successfully - If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port. See the [troubleshooting guide](#port-conflicts) for advice on resolving this. - When docker has built successfully, stop the process with `CTRL-C` - - Comment out the `command: certonly...` line in `docker-compose.yml` + - Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed. + - Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48). - Run docker-compose in the background with: `docker-compose up -d` - Initialize the database with: `./bw-dev initdb` diff --git a/nginx/default.conf b/nginx/default.conf index 9435c0807..286029d1a 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -13,39 +13,39 @@ server { root /var/www/certbot; } - # redirect http to https www - return 301 https://www.your-domain.com$request_uri; -} - -server { - listen [::]:443 ssl http2; - listen 443 ssl http2; - - server_name your-domain.com; - - # SSL code - ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/certbot; - } - - location / { - proxy_pass http://web; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_redirect off; - } - - location /images/ { - alias /app/images/; - } - - location /static/ { - alias /app/static/; - } + # redirect http to https +# return 301 https://your-domain.com$request_uri; +# } +# +# server { +# listen [::]:443 ssl http2; +# listen 443 ssl http2; +# +# server_name your-domain.com; +# +# # SSL code +# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; +# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; +# +# location ~ /.well-known/acme-challenge { +# allow all; +# root /var/www/certbot; +# } +# +# location / { +# proxy_pass http://web; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $host; +# proxy_redirect off; +# } +# +# location /images/ { +# alias /app/images/; +# } +# +# location /static/ { +# alias /app/static/; +# } } # Reverse-Proxy server