popov/gogo2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

17. docker deployment

Browse Source
This commit is contained in:
Dobromir Popov
2025-08-05 01:22:27 +03:00
parent fa972ace8a
commit 71442f766c
17 changed files with 2925 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

274
COBY/REVERSE_PROXY_CONFIG.md Normal file
View File

@ -0,0 +1,274 @@
# Reverse Proxy Configuration for COBY
Since COBY now serves both the API and web dashboard from port 8080, here are configuration examples for common reverse proxies.
## Nginx Reverse Proxy
```nginx
# COBY upstream
upstream coby_backend {
server coby-app:8080;
# Add more servers for load balancing if needed
# server coby-app-2:8080;
}
server {
listen 80;
server_name coby.yourdomain.com;
# Optional: Redirect HTTP to HTTPS
# return 301 https://$server_name$request_uri;
# Main application proxy
location / {
proxy_pass http://coby_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 86400;
# CORS headers (if needed)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
}
# WebSocket specific configuration (if needed separately)
location /ws/ {
proxy_pass http://coby_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
}
# Health check endpoint
location /health {
proxy_pass http://coby_backend;
access_log off;
}
# Optional: Serve static files with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
proxy_pass http://coby_backend;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
# HTTPS configuration (recommended)
server {
listen 443 ssl http2;
server_name coby.yourdomain.com;
# SSL configuration
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Same location blocks as above
location / {
proxy_pass http://coby_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 86400;
}
}
```
## Apache Reverse Proxy
```apache
<VirtualHost *:80>
ServerName coby.yourdomain.com
# Enable required modules
# a2enmod proxy proxy_http proxy_wstunnel rewrite
# Proxy configuration
ProxyPreserveHost On
ProxyRequests Off
# Main application
ProxyPass / http://coby-app:8080/
ProxyPassReverse / http://coby-app:8080/
# WebSocket support
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://coby-app:8080/$1" [P,L]
# Headers
ProxyPassReverse / http://coby-app:8080/
ProxyPassReverseMatch ^(/.*) http://coby-app:8080$1
# Optional: Logging
ErrorLog ${APACHE_LOG_DIR}/coby_error.log
CustomLog ${APACHE_LOG_DIR}/coby_access.log combined
</VirtualHost>
# HTTPS version
<VirtualHost *:443>
ServerName coby.yourdomain.com
# SSL configuration
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/private.key
# Same proxy configuration as above
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://coby-app:8080/
ProxyPassReverse / http://coby-app:8080/
# WebSocket support
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://coby-app:8080/$1" [P,L]
</VirtualHost>
```
## Traefik (Docker Labels)
If you're using Traefik, add these labels to your COBY app service in docker-compose:
```yaml
coby-app:
# ... other configuration
labels:
- "traefik.enable=true"
- "traefik.http.routers.coby.rule=Host(`coby.yourdomain.com`)"
- "traefik.http.routers.coby.entrypoints=websecure"
- "traefik.http.routers.coby.tls.certresolver=letsencrypt"
- "traefik.http.services.coby.loadbalancer.server.port=8080"
# WebSocket support
- "traefik.http.routers.coby-ws.rule=Host(`coby.yourdomain.com`) && PathPrefix(`/ws`)"
- "traefik.http.routers.coby-ws.entrypoints=websecure"
- "traefik.http.routers.coby-ws.tls.certresolver=letsencrypt"
- "traefik.http.services.coby-ws.loadbalancer.server.port=8081"
```
## Caddy
```caddy
coby.yourdomain.com {
reverse_proxy coby-app:8080
# WebSocket support is automatic in Caddy
# Optional: Custom headers
header {
# Security headers
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
Referrer-Policy "no-referrer-when-downgrade"
}
# Optional: Logging
log {
output file /var/log/caddy/coby.log
}
}
```
## HAProxy
```haproxy
global
daemon
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend coby_frontend
bind *:80
bind *:443 ssl crt /path/to/your/certificate.pem
redirect scheme https if !{ ssl_fc }
# WebSocket detection
acl is_websocket hdr(Upgrade) -i websocket
acl is_websocket_path path_beg /ws
use_backend coby_websocket if is_websocket or is_websocket_path
default_backend coby_backend
backend coby_backend
balance roundrobin
option httpchk GET /health
server coby1 coby-app:8080 check
backend coby_websocket
balance roundrobin
server coby1 coby-app:8081 check
```
## Docker Compose with Reverse Proxy
Here's an example of how to integrate with an existing reverse proxy network:
```yaml
# Add to your docker-compose.portainer.yml
networks:
coby-network:
driver: bridge
reverse-proxy:
external: true # Your existing reverse proxy network
services:
coby-app:
# ... existing configuration
networks:
- coby-network
- reverse-proxy # Connect to reverse proxy network
# Remove port mappings if using reverse proxy
# ports:
# - "8080:8080"
# - "8081:8081"
```
## Important Notes
1. **WebSocket Support**: Ensure your reverse proxy supports WebSocket upgrades for real-time features
2. **Health Checks**: Configure health checks to use `/health` endpoint
3. **Timeouts**: Set appropriate timeouts for long-running WebSocket connections
4. **SSL/TLS**: Always use HTTPS in production
5. **Rate Limiting**: Consider implementing rate limiting at the reverse proxy level
6. **Caching**: Static assets can be cached at the reverse proxy level
7. **Load Balancing**: If scaling horizontally, configure load balancing appropriately
## Testing Your Configuration
After configuring your reverse proxy:
1. **Basic connectivity**: `curl http://your-domain/health`
2. **Web dashboard**: Visit `http://your-domain/` in browser
3. **API endpoints**: Test `http://your-domain/api/` endpoints
4. **WebSocket**: Test WebSocket connections to `/ws/` path
5. **SSL**: Verify HTTPS is working if configured
The COBY application will handle all routing internally, so your reverse proxy just needs to forward all traffic to port 8080.