diff --git a/.env.example b/.env.example index a44dd78..4298419 100644 --- a/.env.example +++ b/.env.example @@ -3,7 +3,8 @@ # For more information, refer to our documentation: https://docs.swetrix.com/selfhosting/configuring # Swetrix Frontend configuration -API_URL=http://localhost:8080 +# Public URL where your Swetrix instance is reachable (no trailing slash). +BASE_URL=http://localhost # Swetrix API configuration @@ -14,7 +15,6 @@ SECRET_KEY_BASE= DISABLE_REGISTRATION=true IP_GEOLOCATION_DB_PATH= DEBUG_MODE=false -CLOUDFLARE_PROXY_ENABLED=false # Emails configuration (SMTP) # See https://docs.swetrix.com/selfhosting/configuring#email-configuration-smtp @@ -33,3 +33,7 @@ OIDC_ONLY_AUTH=false OIDC_DISCOVERY_URL=http://localhost:8080/.well-known/openid-configuration OIDC_CLIENT_ID= OIDC_CLIENT_SECRET= +OIDC_PROMPT=select_account + +# Additional configuration +CLIENT_IP_HEADER=x-forwarded-for diff --git a/README.md b/README.md index dacc326..aeb44f9 100644 --- a/README.md +++ b/README.md 
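Review bot: `CLIENT_IP_HEADER=x-forwarded-for` in the last `.env.example` hunk sits under a bare `# Additional configuration` heading, with nothing on what it controls or when it is safe to change. The name suggests the API reads the visitor address from this header, which is only trustworthy when the reverse proxy in front sets it itself. I would add a comment above it such as `# Request header the API reads the client IP from; name only a header that your own reverse proxy sets or overwrites.` A one-line comment on `OIDC_PROMPT=select_account` would help for the same reason.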
@@ -20,8 +20,8 @@ git clone https://github.com/swetrix/selfhosting cd selfhosting ``` 2. [Install Docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04?ref=swetrix.com) if you haven't already. -3. Configure the environment variables for your Swetrix instance. It can be easily done by running `./configure.sh` script, which will ask you to provide the necessary values and generate a `.env` file with them. A table explaining what each value means can be found [here](https://docs.swetrix.com/selfhosting/configuring). +3. Configure the environment variables for your Swetrix instance. It can be easily done by running `./configure.sh` script, which will ask you to provide the necessary values (including `BASE_URL`) and generate a `.env` file with them. See the [configuration variable reference](https://docs.swetrix.com/selfhosting/configuring). 4. Run `docker compose up -d` to start the Swetrix services. -5. After that, you will be able to access Swetrix web portal on the port you specified in `swetrix` category in `compose.yaml` (by default, it's set to `80`). +5. After that, you will be able to access Swetrix web portal at the URL you set in `BASE_URL` (by default, `http://localhost`). And that's it! :) If you have any questions, feel free to join our [Discord community](https://discord.gg/ZVK8Tw2E8j). You can also star our [main repository](https://github.com/Swetrix/swetrix) as a token of appreciation. diff --git a/compose.yaml b/compose.yaml index 48c3da6..2204270 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,14 +1,12 @@ services: # This is Swetrix user interface application, it's used to display the analytics data, render charts, etc. swetrix: - image: swetrix/swetrix-fe:v4.1.0 + image: swetrix/swetrix-fe:v5.0.0 restart: always depends_on: - swetrix-api - ports: - - "80:3000" environment: - - API_URL=${API_URL} + - BASE_URL=${BASE_URL} healthcheck: test: [ 
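Review bot: `- BASE_URL=${BASE_URL}` in the `swetrix` service interpolates to an empty string when the variable is missing, which is what an existing install gets if its `.env` still carries only `API_URL` from the previous release. Compose prints a warning in that case and the frontend still starts, now with a blank base URL. Making the variable required fails fast instead: `- BASE_URL=${BASE_URL:?BASE_URL must be set in .env}`. The `healthcheck` block continues past the end of this hunk.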
@@ -20,18 +18,15 @@ services: # This is Swetrix API, it's purpose is to collect incoming analytical events and serve the data to the UI swetrix-api: - image: swetrix/swetrix-api:v4.1.0 + image: swetrix/swetrix-api:v5.0.0 restart: always container_name: swetrix-api - ports: - - "8080:5005" environment: # Configurable with .env file - SECRET_KEY_BASE=${SECRET_KEY_BASE} - DISABLE_REGISTRATION - IP_GEOLOCATION_DB_PATH - DEBUG_MODE - - CLOUDFLARE_PROXY_ENABLED # Emails configuration (SMTP) - SMTP_HOST @@ -114,6 +109,22 @@ services: nofile: soft: 262144 hard: 262144 + + nginx-proxy: + image: nginx:1.29.4-alpine + restart: always + depends_on: + swetrix: + condition: service_healthy + swetrix-api: + condition: service_healthy + links: + - "swetrix-api" + - "swetrix" + ports: + - "80:80" + volumes: + - ./nginx/config:/etc/nginx/conf.d/default.conf volumes: swetrix-events-data: driver: local diff --git a/configure.sh b/configure.sh index 333ec75..111ed21 100755 --- a/configure.sh +++ b/configure.sh @@ -251,15 +251,16 @@ echo -e "${GREEN}Creating new .env file...${NC}" echo -e "# Swetrix Frontend configuration" > .env -# API_URL +# BASE_URL while true; do - echo - read -e -p "Enter API_URL of your Swetrix API instance (required, e.g., https://api.swetrix.example.com): " api_url - if [ -n "$api_url" ]; then - echo "API_URL=$api_url" >> .env + echo + read -e -p "Enter public URL of your Swetrix instance (required, e.g., https://swetrix.example.com): " base_url + if [ -n "$base_url" ]; then + base_url="$(echo "$base_url" | sed 's:/*$::')" + echo "BASE_URL=$base_url" >> .env break else - echo -e "${RED}API_URL is required. Please enter a value.${NC}" + echo -e "${RED}BASE_URL is required. Please enter a value.${NC}" fi done 
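Review bot: `CLOUDFLARE_PROXY_ENABLED` is dropped from the `swetrix-api` environment list, but nothing visible in this diff adds what looks like its replacement, `CLIENT_IP_HEADER`, or the new `OIDC_PROMPT`, and the `configure.sh` hunks do not write either to `.env`. The list passes variables through by name, so unless both are already present in the unchanged lines between this hunk and the next, the values shown in `.env.example` never reach the container and the API uses whatever its built-in default is. If they are missing, add `- CLIENT_IP_HEADER` to the general settings and `- OIDC_PROMPT` next to the other `OIDC_*` entries.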
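Review bot: The new `nginx-proxy` service mounts its config read-write although the container never needs to modify it; `- ./nginx/config:/etc/nginx/conf.d/default.conf:ro` is the safer form. `links:` is a legacy option and redundant here, because services on the same Compose network already resolve each other by name and `depends_on` covers start order. `"80:80"` also publishes plain HTTP on every host interface; if TLS is terminated by another proxy on the same host, `"127.0.0.1:80:80"` keeps the unencrypted listener off the network.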
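Review bot: The `BASE_URL` prompt in `configure.sh` accepts any non-empty string, so a value without a scheme or with embedded whitespace is written to `.env` unchanged and only fails later inside the containers. The script already relies on bash (`read -e -p`), so the test can be tightened to `if [[ "$base_url" =~ ^https?://[^[:space:]]+$ ]]; then`, with the error message changed to state the expected form. Using `printf '%s\n' "$base_url"` rather than `echo` in the `sed` pipeline avoids surprises with inputs that start with a dash.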
@@ -274,16 +275,6 @@ if [ -z "$secret_key_base" ]; then fi echo "SECRET_KEY_BASE=$secret_key_base" >> .env -# Cloudflare proxy -echo -read -p "Enable Cloudflare proxy? (y/N): " -n 1 -r -echo -if [[ $REPLY =~ ^[Yy]$ ]]; then - echo "CLOUDFLARE_PROXY_ENABLED=true" >> .env -else - echo "CLOUDFLARE_PROXY_ENABLED=false" >> .env -fi - # Debug mode (always false) echo "DEBUG_MODE=false" >> .env echo "IP_GEOLOCATION_DB_PATH=" >> .env diff --git a/nginx/config b/nginx/config index a984924..86c5ffc 100644 --- a/nginx/config +++ b/nginx/config 
@@ -1,27 +1,68 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + "" close; +} + server { - listen 81; - listen [::]:81; - # server_name swetrix.yourdomain.com; + listen 80; + listen [::]:80; server_name _; - location / { - proxy_pass http://localhost:80; + # security headers + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + add_header Permissions-Policy "interest-cohort=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # Keep /backend/ prefix; this is used to route requests to the Swetrix API. + location /backend/ { + proxy_pass http://swetrix-api:5005/; + proxy_http_version 1.1; proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} -server { - listen 8081; - listen [::]:8081; - # server_name api.swetrix.yourdomain.com; - server_name _; + # Proxy headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + + # Proxy buffering (prevents truncated responses for large files) + proxy_buffering on; + proxy_buffer_size 256k; + proxy_buffers 32 512k; + proxy_busy_buffers_size 4m; + proxy_max_temp_file_size 1024m; + } location / { - proxy_pass http://localhost:8080; + proxy_pass http://swetrix:3000; + proxy_http_version 1.1; proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Proxy headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Real-IP $remote_addr; + 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + + # Proxy buffering (prevents truncated responses for large files) + proxy_buffering on; + proxy_buffer_size 256k; + proxy_buffers 32 512k; + proxy_busy_buffers_size 4m; + proxy_max_temp_file_size 1024m; } + + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; }
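Review bot: Both `location` blocks forward `X-Forwarded-For` as `$proxy_add_x_forwarded_for`, which appends the peer address to whatever value the client sent, and `.env.example` in this same diff points `CLIENT_IP_HEADER` at that header. If the API takes the leftmost entry (not visible here), the address recorded for geolocation or any per-IP limit is client-controlled. When this container is the first hop, overwrite instead with `proxy_set_header X-Forwarded-For $remote_addr;`. When a trusted TLS proxy sits in front, scope the trust with `set_real_ip_from <trusted-proxy-CIDR>;` and `real_ip_header X-Forwarded-For;`. Separately, the server listens on plain port 80 only, so `X-Forwarded-Proto $scheme` is always `http` and the `Strict-Transport-Security` header only takes effect if TLS is terminated upstream; that assumption deserves a comment at the top of the file.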