ospab/ospab.host
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fc194dd5824bb2d15d4a2e440509101fcb2812a3
ospab.host/ospabhost/NGINX_DEPLOY.md
Georgiy Syralev a2809a705f english version update
2025-12-31 19:59:43 +03:00

155 lines
2.8 KiB
Markdown
Raw Blame History

# Nginx Deployment Guide for ospab.host
## Prerequisites
- Ubuntu 20.04+ или Debian 11+
- Nginx 1.18+
- Node.js 18+
- PM2 (для управления процессами)
- Certbot (для SSL)
## Installation
### 1. Install Nginx
```bash
sudo apt update
sudo apt install nginx -y
```
### 2. Install Certbot
```bash
sudo apt install certbot python3-certbot-nginx -y
```
### 3. Setup SSL Certificate
```bash
# Stop nginx temporarily
sudo systemctl stop nginx
# Get certificate
sudo certbot certonly --standalone -d ospab.host -d www.ospab.host
# Restart nginx
sudo systemctl start nginx
```
### 4. Deploy Nginx Configuration
```bash
# Copy config
sudo cp nginx.conf /etc/nginx/sites-available/ospab.host
# Create symlink
sudo ln -s /etc/nginx/sites-available/ospab.host /etc/nginx/sites-enabled/
# Remove default config
sudo rm /etc/nginx/sites-enabled/default
# Test configuration
sudo nginx -t
# Reload nginx
sudo systemctl reload nginx
```
### 5. Deploy Application
```bash
# Create deployment directory
sudo mkdir -p /var/www/ospab.host
# Clone repository
cd /var/www/ospab.host
git clone https://github.com/YOUR_REPO/ospabhost8.1.git .
# Build frontend
cd frontend
npm install
npm run build
# Build backend
cd ../backend
npm install
npm run build
# Start backend with PM2
pm2 start dist/index.js --name "ospab-backend"
pm2 save
pm2 startup
```
## Directory Structure
```
/var/www/ospab.host/
├── frontend/
│ └── dist/ # React SPA build output
├── backend/
│ ├── dist/ # Compiled TypeScript
│ └── uploads/ # Uploaded files
└── nginx.conf # Nginx configuration
```
## Useful Commands
```bash
# Check nginx status
sudo systemctl status nginx
# Reload nginx config
sudo nginx -t && sudo systemctl reload nginx
# View logs
sudo tail -f /var/log/nginx/ospab.host.access.log
sudo tail -f /var/log/nginx/ospab.host.error.log
# PM2 commands
pm2 status
pm2 logs ospab-backend
pm2 restart ospab-backend
# Renew SSL certificate
sudo certbot renew --dry-run
```
## Rate Limiting
- API endpoints: 10 requests/second (burst 20)
- Login/Register: 5 requests/minute (burst 5)
## Security Features
- HSTS enabled
- XSS Protection
- Frame Options (SAMEORIGIN)
- Content-Type sniffing prevention
- Blocked access to .git, .env, node_modules
- Blocked sensitive file extensions (.sql, .bak, .log)
## SSL Auto-Renewal
Add to crontab:
```bash
sudo crontab -e
# Add line:
0 12 * * * /usr/bin/certbot renew --quiet
```
## Troubleshooting
### 502 Bad Gateway
- Check if backend is running: `pm2 status`
- Check backend logs: `pm2 logs ospab-backend`
### 504 Gateway Timeout
- Increase `proxy_read_timeout` in nginx config
- Check backend performance
### SSL Issues
- Check certificate: `sudo certbot certificates`
- Renew if needed: `sudo certbot renew`
Reference in New Issue View Git Blame Copy Permalink