From 86e5ab04b2464905629ddbfee36e70aac08d0cc1 Mon Sep 17 00:00:00 2001 From: zJ <19760191+zJuuu@users.noreply.github.com> Date: Wed, 21 Aug 2024 19:57:13 +0200 Subject: [PATCH] feat: Add Nginx configuration for Let's Encrypt proxy setup (#553) --- README.md | 3 +- nginx-letsencrypt-proxy/README.md | 69 +++++++++++++++++++++++++ nginx-letsencrypt-proxy/deploy.yml | 81 ++++++++++++++++++++++++++++++ nginx-letsencrypt-proxy/nginx.conf | 16 ++++++ 4 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 nginx-letsencrypt-proxy/README.md create mode 100644 nginx-letsencrypt-proxy/deploy.yml create mode 100644 nginx-letsencrypt-proxy/nginx.conf diff --git a/README.md b/README.md index 26160779..2b8eb3bb 100644 --- a/README.md +++ b/README.md @@ -240,9 +240,10 @@ Awesome DeFi apps you can deploy on Akash ### Hosting - [Caddy](caddy) +- [Flame](flame) - [Grafana](grafana) - [IPFS](ipfs) -- [Flame](flame) +- [Nginx Let's Encrypt Proxy](nginx-letsencrypt-proxy) ### Media diff --git a/nginx-letsencrypt-proxy/README.md b/nginx-letsencrypt-proxy/README.md new file mode 100644 index 00000000..6f0bc187 --- /dev/null +++ b/nginx-letsencrypt-proxy/README.md 
@@ -0,0 +1,69 @@
+# Nginx Let's Encrypt Proxy
+
+This repository contains the necessary configuration files and instructions to set up an Nginx reverse proxy with Let's Encrypt SSL certificate.
+
+## Prerequisites
+
+Before getting started, make sure you have the following:
+
+- A registered domain name
+
+## Installation
+
+1. Copy the nginx.conf and change the server_name to your domain and the proxy_pass to your application.
+
+2. Upload the `nginx.conf` to Gist or any other file hosting service. Make sure the file is publicly accessible.
+
+3. Go to console.akash.network and create a new deployment with the SDL in deploy.yml.
+
+4. Replace the `NGINX_CONF_URL` in the SDL with the URL of the `nginx.conf` file you uploaded in step 2.
+
+5. Replace the `DOMAIN` in the SDL with your domain name.
+
+6. Make sure `FIRST_START` is set to `true` in the SDL.
+
+7. Deploy the application and select a Provider.
+
+8. Once the deployment starts, you can see the leased IP address in the Leases tab of the Akash Console.
+Copy the IP address and create an A record in your domain's DNS settings pointing to this IP address.
+
+9. Wait for the DNS changes to propagate. You can check the status of the DNS propagation using online tools like [DNS Checker](https://dnschecker.org/).
+
+10. Update the `FIRST_START` to `false` in the SDL.
+
+11. You should now be able to access your application using your domain name over HTTPS.
+
+A successful deployment should look similar to this:
+```bash
+[nginx]: Saving to: '/etc/nginx/nginx.conf'
+[nginx]: 2024-08-09 13:22:03 (50.3 MB/s) - '/etc/nginx/nginx.conf' saved [956/956]
+[nginx]:
+[nginx]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
+[nginx]: Account registered.
+[nginx]: Requesting a certificate for YOURDOMAIN.COM
+[nginx]:
+[nginx]: Successfully received certificate.
+[nginx]: Certificate is saved at: /etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem
+[nginx]: Key is saved at: /etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem
+[nginx]: This certificate expires on 2024-11-07.
+[nginx]: These files will be updated when the certificate renews.
+[nginx]: Certbot has set up a scheduled task to automatically renew this certificate in the background.
+[nginx]:
+[nginx]: Deploying certificate
+[nginx]: Successfully deployed certificate for YOURDOMAIN.COM to /etc/nginx/nginx.conf
+[nginx]: Congratulations! You have successfully enabled HTTPS on https://YOURDOMAIN.COM
+```
+
+## FAQ
+
+### How do I renew the SSL certificate?
+
+The SSL certificate is automatically renewed by Certbot. You don't need to do anything to renew the certificate.
+
+### How do I update the Nginx configuration?
+
+To update the Nginx configuration, you need to update the `nginx.conf` file and upload it to a publicly accessible URL. Then update the `NGINX_CONF_URL` in the SDL with the new URL. Note that it will recreate the Certificate.
+
+### What do i do if i run in to the error `too many registrations for this IP`?
+
+If you run into the error `too many registrations for this IP`, it means that you have reached the Let's Encrypt rate limit for the number of registrations from a single IP address. You can wait for the rate limit to reset or use a different Provider to register the certificate.
diff --git a/nginx-letsencrypt-proxy/deploy.yml b/nginx-letsencrypt-proxy/deploy.yml
new file mode 100644
index 00000000..964678b0
--- /dev/null
+++ b/nginx-letsencrypt-proxy/deploy.yml
@@ -0,0 +1,81 @@
+---
+version: "2.0"
+services:
+ nginx-ssl:
+ image: nginx:1.27
+ expose:
+ - port: 80
+ as: 80
+ to:
+ - global: true
+ ip: myendpointa
+ - port: 443
+ as: 443
+ to:
+ - global: true
+ ip: myendpointa
+ env:
+ - "DOMAIN=YOURDOMAIN.COM" # Change this to your domain
+ - "NGINX_CONF_URL=" # Set this to the URL of your NGINX config see example /nginx-letsencrypt-proxy/nginx.conf
+ - "FIRST_START=true" # Set this to false after you have set the A Record in your DNS
+ command:
+ - "bash"
+ - "-c"
+ args:
+ - >-
+ if [ -f /etc/nginx-persistent/nginx.conf ]; then
+ echo "nginx.conf already exists";
+ else
+ echo "Get NGINX config from $NGINX_CONF_URL";
+ wget $NGINX_CONF_URL -O /etc/nginx-persistent/nginx.conf;
+ fi
+
+ while [ "$FIRST_START" = true ]; do
+ echo "Please set the A Record in your DNS to your leased IP and update the SDL with FIRST_START=false";
+ sleep 20;
+ done
+
+ cp /etc/nginx-persistent/nginx.conf /etc/nginx/nginx.conf;
+
+ apt-get update;
+ apt-get upgrade -y;
+ apt install -y certbot python3-certbot-nginx wget;
+
+ certbot --nginx -d $DOMAIN --non-interactive --agree-tos --register-unsafely-without-email;
+
+ service nginx stop;
+ nginx -g "daemon off;"
+ params:
+ storage:
+ data:
+ mount: /etc/nginx-persistent
+ readOnly: false
+profiles:
+ compute:
+ nginx-ssl:
+ resources:
+ cpu:
+ units: 1
+ memory:
+ size: 4Gi
+ storage:
+ - size: 5Gi
+ - name: data
+ size: 1Gi
+ attributes:
+ persistent: true
+ class: beta3
+ placement:
+ dcloud:
+ pricing:
+ nginx-ssl:
+ denom: uakt
+ amount: 1000
+deployment:
+ nginx-ssl:
+ dcloud:
+ profile: nginx-ssl
+ count: 1
+endpoints:
+ myendpointa:
+ kind: ip
diff --git a/nginx-letsencrypt-proxy/nginx.conf b/nginx-letsencrypt-proxy/nginx.conf
new file mode 100644
index 00000000..2b5d8862
--- /dev/null
+++ b/nginx-letsencrypt-proxy/nginx.conf
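Review bot: In deploy.yml, the `wget $NGINX_CONF_URL -O /etc/nginx-persistent/nginx.conf` step installs whatever the URL returns as the server's nginx configuration, with no scheme restriction, no integrity check and no handling of a failed download. Because the target is on the persistent volume and the guard is only `[ -f … ]`, an empty or partial file left behind by a failed fetch would be accepted as "already exists" on every later start, and anyone able to alter the hosted file before the first start decides where traffic is proxied. I would fetch to a temporary path, require an `https://` URL, compare the file against a SHA-256 supplied through a new env entry (called `NGINX_CONF_SHA256` below, a proposed name), and only then move it into place, with the variables quoted. The rest of the script has no error exits either, so certbot would still run after a failed `cp`.

```yaml
    env:
      # … unchanged: DOMAIN, NGINX_CONF_URL, FIRST_START …
      - "NGINX_CONF_SHA256=" # proposed: SHA-256 of the nginx.conf you uploaded
    args:
      - >-
        conf=/etc/nginx-persistent/nginx.conf;
        if [ -s "$conf" ]; then
          echo "nginx.conf already exists";
        else
          case "$NGINX_CONF_URL" in https://*) ;; *) echo "NGINX_CONF_URL must use https://"; exit 1 ;; esac;
          echo "Get NGINX config from $NGINX_CONF_URL";
          wget "$NGINX_CONF_URL" -O "$conf.tmp" || { rm -f "$conf.tmp"; exit 1; };
          echo "$NGINX_CONF_SHA256  $conf.tmp" | sha256sum -c - || { rm -f "$conf.tmp"; exit 1; };
          mv "$conf.tmp" "$conf";
        fi

        # … unchanged: FIRST_START wait loop, cp, apt, certbot, nginx start …
```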
@@ -0,0 +1,16 @@
+events {}
+
+http {
+ server {
+ server_name YOURDOMAIN.com www.YOURDOMAIN.com;
+
+ resolver 8.8.8.8;
+ location / {
+ proxy_pass http://FORWARDING_URL.COM;
+ }
+
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+
+ }
+}
\ No newline at end of file
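Review bot: The template's `proxy_pass http://FORWARDING_URL.COM;` forwards requests to the application over plain HTTP and without any forwarding headers, so the TLS that certbot configures ends at this proxy. If the upstream is reached over a public network, as a hostname placeholder suggests, the example should use `https://` for that hop or carry a comment such as `# upstream hop is unencrypted; use https:// unless the backend is on a private network`. Inside `location /` I would also add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` so the application can log the real client address and see the original scheme. `resolver 8.8.8.8;` is probably unused while `proxy_pass` holds a literal hostname, so it deserves a comment or removal.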