Skip to content
This repository was archived by the owner on Feb 18, 2026. It is now read-only.

SSL + Domain setup #1

Draft
derek-palmer wants to merge 5 commits into
base: develop
Choose a base branch
from
Draft

SSL + Domain setup #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0627d29
Updated nginx.conf to leverage AWS ALB vs managing the certs inside t…
derek-palmer May 24, 2024
9981343
Updated proxy_pass urls
derek-palmer May 24, 2024
718f19f
Removed obsolete docker-compose version syntax
derek-palmer May 24, 2024
14f1580
bumped body size for larger uploads
derek-palmer May 24, 2024
774d607
Added RAIS PR template
derek-palmer May 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions PULL_REQUEST_TEMPLATE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
## Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.

## Type of Change

Please delete options that are not relevant to your pull request.

- *Bug fix* (non-breaking change which fixes an issue)
- *New feature* (non-breaking change which adds functionality)
- *Breaking change* (fix or feature that would cause existing functionality to not work as expected)
- *Maintenance* (non-breaking change which resolves a CVE, deprecation, or infrastructure issue/change)
- This change requires a documentation update

## To Test

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce.

- Test A
- Test B

## Notes

Please add any additional information below (if needed):

## Link to Asana task(s):
77 changes: 13 additions & 64 deletions client/nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,76 +1,25 @@
# Secure default configuration generated by Mozilla SSL Configuration Generator
# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7

server {
listen 80 default_server;
listen [::]:80 default_server;

# To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section.
######################################## Non-SSL ########################################
server_name localhost;

server_name chat.research.cornell.edu; # Change this to your actual domain name

# Increase the client_max_body_size to allow larger file uploads
# The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
client_max_body_size 25M;
client_max_body_size 100M;

location /api/ {
proxy_pass http://api:3080$request_uri;
proxy_pass http://localhost:3080$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

location / {
proxy_pass http://api:3080/;
proxy_pass http://localhost:3080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

######################################## SSL ########################################
# # Redirect all http traffic to https
# location / {
# return 301 https://$host$request_uri;
# }
}

#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;

# ssl_certificate /etc/nginx/ssl/nginx.crt;
# ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ssl_session_timeout 1d;
# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# ssl_session_tickets off;

# # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam
# ssl_dhparam /etc/nginx/ssl/dhparam;

# # intermediate configuration
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# ssl_prefer_server_ciphers off;

# # HSTS (ngx_http_headers_module is required) (63072000 seconds)
# add_header Strict-Transport-Security "max-age=63072000" always;

# # OCSP stapling
# ssl_stapling on;
# ssl_stapling_verify on;

# # verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /etc/nginx/ssl/ca.crt;

# # replace with the IP address of your resolver
# resolver 127.0.0.1;

# server_name localhost;

# # Increase the client_max_body_size to allow larger file uploads
# # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
# client_max_body_size 25M;

# location /api {
# proxy_pass http://api:3080/api;
# }

# location / {
# proxy_pass http://api:3080;
# }
#}
1 change: 0 additions & 1 deletion deploy-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
version: "3.8"
services:
api:
# build:
Expand Down
2 changes: 0 additions & 2 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
version: "3.4"

# Do not edit this file directly. Use a ‘docker-compose.override.yaml’ file if you can.
# Refer to `docker-compose.override.yaml.example’ for some sample configurations.

Expand Down