From f9af66079ae98f51c0723ef06c4b1c401003b809 Mon Sep 17 00:00:00 2001 From: Long Le Date: Mon, 5 Jan 2026 22:23:06 +0700 Subject: [PATCH 1/7] use nginx for handling request --- compose.yaml | 17 ++++++++++++----- nginx/config | 20 +++++++------------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/compose.yaml b/compose.yaml index 48c3da6..2be86ca 100644 --- a/compose.yaml +++ b/compose.yaml @@ -5,10 +5,8 @@ services: restart: always depends_on: - swetrix-api - ports: - - "80:3000" environment: - - API_URL=${API_URL} + - API_URL=/api healthcheck: test: [ @@ -23,8 +21,6 @@ services: image: swetrix/swetrix-api:v4.1.0 restart: always container_name: swetrix-api - ports: - - "8080:5005" environment: # Configurable with .env file - SECRET_KEY_BASE=${SECRET_KEY_BASE} @@ -114,6 +110,17 @@ services: nofile: soft: 262144 hard: 262144 + + nginx-proxy: + image: nginx:1.29.4-alpine + restart: always + links: + - "swetrix-api" + - "swetrix" + ports: + - "80:80" + volumes: + - ./nginx/config:/etc/nginx/conf.d/default.conf volumes: swetrix-events-data: driver: local diff --git a/nginx/config b/nginx/config index a984924..433e449 100644 --- a/nginx/config +++ b/nginx/config @@ -1,25 +1,19 @@ server { - listen 81; - listen [::]:81; - # server_name swetrix.yourdomain.com; + listen 80; + listen [::]:80; server_name _; - location / { - proxy_pass http://localhost:80; + location /api/ { + proxy_pass http://swetrix-api:5005/; + proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } -} - -server { - listen 8081; - listen [::]:8081; - # server_name api.swetrix.yourdomain.com; - server_name _; location / { - proxy_pass http://localhost:8080; + proxy_pass http://swetrix:3000; + proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 022bef2ba13da41a3f0e017a5d4e5e9540838618 Mon Sep 17 00:00:00 2001 From: Blue Mouse Date: Sun, 25 Jan 2026 17:50:20 +0000 Subject: [PATCH 2/7] Use /backend, not /api (/api is already used) --- compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 2be86ca..75229ec 100644 --- a/compose.yaml +++ b/compose.yaml @@ -6,7 +6,7 @@ services: depends_on: - swetrix-api environment: - - API_URL=/api + - API_URL=/backend healthcheck: test: [ From f2d0f4ff24b2ac5e9b30f9fcbba598100df902e2 Mon Sep 17 00:00:00 2001 From: Blue Mouse Date: Sun, 25 Jan 2026 22:17:36 +0000 Subject: [PATCH 3/7] BASE_URL; add conditions for nginx start --- .env.example | 3 ++- README.md | 4 ++-- compose.yaml | 7 ++++++- configure.sh | 13 +++++++------ 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.env.example b/.env.example index a44dd78..6edf66f 100644 --- a/.env.example +++ b/.env.example @@ -3,7 +3,8 @@ # For more information, refer to our documentation: https://docs.swetrix.com/selfhosting/configuring # Swetrix Frontend configuration -API_URL=http://localhost:8080 +# Public URL where your Swetrix instance is reachable (no trailing slash). +BASE_URL=http://localhost # Swetrix API configuration diff --git a/README.md b/README.md index dacc326..39df856 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,8 @@ git clone https://github.com/swetrix/selfhosting cd selfhosting ``` 2. [Install Docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04?ref=swetrix.com) if you haven't already. -3. Configure the environment variables for your Swetrix instance. It can be easily done by running `./configure.sh` script, which will ask you to provide the necessary values and generate a `.env` file with them. A table explaining what each value means can be found [here](https://docs.swetrix.com/selfhosting/configuring). +3. Configure the environment variables for your Swetrix instance. It can be easily done by running `./configure.sh` script, which will ask you to provide the necessary values (including `BASE_URL`) and generate a `.env` file with them. A table explaining what each value means can be found [here](https://docs.swetrix.com/selfhosting/configuring). 4. Run `docker compose up -d` to start the Swetrix services. -5. After that, you will be able to access Swetrix web portal on the port you specified in `swetrix` category in `compose.yaml` (by default, it's set to `80`). +5. After that, you will be able to access Swetrix web portal at the URL you set in `BASE_URL` (by default, `http://localhost`). And that's it! :) If you have any questions, feel free to join our [Discord community](https://discord.gg/ZVK8Tw2E8j). You can also star our [main repository](https://github.com/Swetrix/swetrix) as a token of appreciation. diff --git a/compose.yaml b/compose.yaml index 75229ec..314413c 100644 --- a/compose.yaml +++ b/compose.yaml @@ -6,7 +6,7 @@ services: depends_on: - swetrix-api environment: - - API_URL=/backend + - BASE_URL=${BASE_URL} healthcheck: test: [ @@ -114,6 +114,11 @@ services: nginx-proxy: image: nginx:1.29.4-alpine restart: always + depends_on: + swetrix: + condition: service_healthy + swetrix-api: + condition: service_healthy links: - "swetrix-api" - "swetrix" diff --git a/configure.sh b/configure.sh index 333ec75..0d0e32c 100755 --- a/configure.sh +++ b/configure.sh @@ -251,15 +251,16 @@ echo -e "${GREEN}Creating new .env file...${NC}" echo -e "# Swetrix Frontend configuration" > .env -# API_URL +# BASE_URL while true; do - echo - read -e -p "Enter API_URL of your Swetrix API instance (required, e.g., https://api.swetrix.example.com): " api_url - if [ -n "$api_url" ]; then - echo "API_URL=$api_url" >> .env + echo + read -e -p "Enter public URL of your Swetrix instance (required, e.g., https://swetrix.example.com): " base_url + if [ -n "$base_url" ]; then + base_url="${base_url%/}" + echo "BASE_URL=$base_url" >> .env break else - echo -e "${RED}API_URL is required. Please enter a value.${NC}" + echo -e "${RED}BASE_URL is required. Please enter a value.${NC}" fi done From c2d9f478c616946a050afae6709b0af63dc2ad97 Mon Sep 17 00:00:00 2001 From: Blue Mouse Date: Mon, 26 Jan 2026 00:44:46 +0000 Subject: [PATCH 4/7] api -> backend --- nginx/config | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nginx/config b/nginx/config index 433e449..ac3dd8c 100644 --- a/nginx/config +++ b/nginx/config @@ -3,7 +3,8 @@ server { listen [::]:80; server_name _; - location /api/ { + # Keep /backend/ prefix; this is used to route requests to the Swetrix API. + location /backend/ { proxy_pass http://swetrix-api:5005/; proxy_http_version 1.1; proxy_set_header Host $host; From bb71ca76af24653c801ce55fb58a1c5c7cd2a1af Mon Sep 17 00:00:00 2001 From: Blue Mouse Date: Mon, 26 Jan 2026 00:50:24 +0000 Subject: [PATCH 5/7] Use descriptive language --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 39df856..aeb44f9 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ git clone https://github.com/swetrix/selfhosting cd selfhosting ``` 2. [Install Docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04?ref=swetrix.com) if you haven't already. -3. Configure the environment variables for your Swetrix instance. It can be easily done by running `./configure.sh` script, which will ask you to provide the necessary values (including `BASE_URL`) and generate a `.env` file with them. A table explaining what each value means can be found [here](https://docs.swetrix.com/selfhosting/configuring). +3. Configure the environment variables for your Swetrix instance. It can be easily done by running `./configure.sh` script, which will ask you to provide the necessary values (including `BASE_URL`) and generate a `.env` file with them. See the [configuration variable reference](https://docs.swetrix.com/selfhosting/configuring). 4. Run `docker compose up -d` to start the Swetrix services. 5. After that, you will be able to access Swetrix web portal at the URL you set in `BASE_URL` (by default, `http://localhost`). From aefbba52ccd4939dbb8c87102b32bbe26b6c1a54 Mon Sep 17 00:00:00 2001 From: Blue Mouse Date: Mon, 26 Jan 2026 01:02:59 +0000 Subject: [PATCH 6/7] Config hardening --- nginx/config | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/nginx/config b/nginx/config index ac3dd8c..109aa7c 100644 --- a/nginx/config +++ b/nginx/config @@ -3,20 +3,63 @@ server { listen [::]:80; server_name _; + # security headers + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + add_header Permissions-Policy "interest-cohort=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + # Keep /backend/ prefix; this is used to route requests to the Swetrix API. location /backend/ { proxy_pass http://swetrix-api:5005/; proxy_http_version 1.1; proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Proxy headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Forwarded $proxy_add_forwarded; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + + # Proxy buffering (prevents truncated responses for large files) + proxy_buffering on; + proxy_buffer_size 256k; + proxy_buffers 32 512k; + proxy_busy_buffers_size 4m; + proxy_max_temp_file_size 1024m; } location / { proxy_pass http://swetrix:3000; proxy_http_version 1.1; proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Proxy headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Forwarded $proxy_add_forwarded; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + + # Proxy buffering (prevents truncated responses for large files) + proxy_buffering on; + proxy_buffer_size 256k; + proxy_buffers 32 512k; + proxy_busy_buffers_size 4m; + proxy_max_temp_file_size 1024m; } + + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; } From 98c6807e0d0760a786a5c2ca82cf1e7d7b788c81 Mon Sep 17 00:00:00 2001 From: Blue Mouse Date: Mon, 26 Jan 2026 21:49:19 +0000 Subject: [PATCH 7/7] Fix config for websocket support --- nginx/config | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nginx/config b/nginx/config index 109aa7c..86c5ffc 100644 --- a/nginx/config +++ b/nginx/config @@ -1,3 +1,8 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + "" close; +} + server { listen 80; listen [::]:80; @@ -20,7 +25,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Forwarded $proxy_add_forwarded; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; @@ -43,7 +47,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Forwarded $proxy_add_forwarded; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host;