Add nginx forwarding

.env

@@ -0,0 +1,2 @@
+# insert your host name here, it should match the name/domain of your ssl certificate
+SERVER_NAME=localhost

.gitignore

@@ -33,4 +33,8 @@ api/*.pub
 api/*.key
 api/ezbids.key
 api/*.js
-api/*.js.map
+api/*.js.map
+
+# ssl certs we ignore the content of the folder but keep the folder around.
+nginx/ssl/*
+!nginx/ssl/.gitkeep

dev.sh

@@ -17,13 +17,13 @@ export BRAINLIFE_AUTHENTICATION
 
 git submodule update --init --recursive
 
-(cd api && npm install -g [email protected])
-(cd ui && npm install -g [email protected])
+(cd api && npm install)
+(cd ui && npm install)
 
 mkdir -p /tmp/upload
 mkdir -p /tmp/workdir
 
-npm run prepare-husky
+#npm run prepare-husky
 
 ./generate_keys.sh
 

docker-compose.yml

@@ -1,4 +1,6 @@
-# version: "3"
+version: "3"
+networks:
+    ezbids:
 
 services:
     mongodb:
@@ -15,6 +17,8 @@ services:
                 5
         ports:
             - 27417:27017 #for local debugging
+        networks:
+            - ezbids
 
     api:
         container_name: brainlife_ezbids-api
@@ -27,7 +31,7 @@ services:
             mongodb:
                 condition: service_healthy
         healthcheck:
-            test: ["CMD", "curl", "-f", "http://localhost:8082/health"]
+            test: ["CMD", "curl", "-f", "http://api:8082/health"]
         working_dir: /app/api
         command:
             ./dev.sh
@@ -36,6 +40,8 @@ services:
             BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
         ports:
             - 8082:8082 #localhost runs on local browser to it needs to access api via host port
+        networks:
+            - ezbids
 
     handler:
         container_name: brainlife_ezbids-handler
@@ -51,23 +57,29 @@ services:
                 condition: service_healthy
         environment:
             MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+        networks:
+            - ezbids
         tty: true #turn on color for bids-validator output
         command: pm2 start handler.js --attach --watch --ignore-watch "ui **/node_modules"
 
     ui:
         container_name: brainlife_ezbids-ui
+        env_file:
+            - .env
         build: ./ui
         platform: linux/amd64
         volumes:
             - ./ui/src:/ui/src #don't copy node_modules which might be compiled for mac (vite won't work)
         environment:
-            VITE_APIHOST: http://localhost:8082
+            VITE_APIHOST: https://${SERVER_NAME}/api
             VITE_BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
         healthcheck:
-            test: ["CMD", "curl", "-f", "http://localhost:3000"]
+            test: ["CMD", "curl", "-f", "http://ui:3000"]
         ports:
             - 3000:3000 #vite wants to be exposed on the host for HMR?
-
+        networks:
+            - ezbids
+
     # by default this is not enabled, need to run docker compose with --profile development to enable this service
     telemetry:
         container_name: brainlife_ezbids-telemetry
@@ -77,4 +89,29 @@ services:
             - mongodb
         profiles: ["development"]
         ports:
-            - 8000:8000 #for local debugging
+            - 8000:8000 #for local debugging
+        networks:
+            - ezbids
+
+    nginx:
+        env_file:
+            - .env
+        container_name: brainlife_ezbids-nginx
+        depends_on:
+            - ui
+            - api
+        image: nginx:latest
+        platform: linux/amd64
+        profiles: ["development"]
+        ports: 
+            - 80:80
+            - 443:443
+        networks:
+            - ezbids
+        volumes: 
+            - ./nginx/ssl:/etc/nginx/conf.d/ssl/
+            # replace production/development depending on whether you want ssl or not
+            - ./nginx/production_nginx.conf:/etc/nginx/conf.d/default.conf
+
+
+

nginx/development_nginx.conf

@@ -0,0 +1,34 @@
+server {
+    listen      80;
+    listen [::]:80;
+    # use the enviroment variable SERVER_NAME to set the server_name
+    server_name  $SERVER_NAME;
+    client_max_body_size 1200M;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /ezbids {
+        proxy_pass http://ui:3000;
+    }
+
+    location /api/ {
+        proxy_pass http://api:8082/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

nginx/production_nginx.conf

@@ -0,0 +1,35 @@
+server {
+    listen 443 ssl;
+    ssl_certificate /etc/nginx/conf.d/ssl/sslcert.cert;
+    ssl_certificate_key /etc/nginx/conf.d/ssl/sslcert.key;
+    ssl_password_file /etc/nginx/conf.d/ssl/sslpassword;
+    server_name  $SERVER_NAME;
+    client_max_body_size 1200M;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /ezbids {
+        proxy_pass http://ui:3000;
+    }
+
+    location /api/ {
+        proxy_pass http://api:8082/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}