From b0d0c5d3318dc96d12b9b7883b4a38a8d6a68b21 Mon Sep 17 00:00:00 2001 From: Max Kurapov Date: Thu, 12 Sep 2024 13:16:20 +0200 Subject: [PATCH] docs: update docker compose integration docs --- .../docs/integration/prod/docker-compose.mdx | 79 ++++++++++--------- 1 file changed, 40 insertions(+), 39 deletions(-) diff --git a/packages/documentation/src/content/docs/integration/prod/docker-compose.mdx b/packages/documentation/src/content/docs/integration/prod/docker-compose.mdx index 4defcbd457..e26e33f966 100644 --- a/packages/documentation/src/content/docs/integration/prod/docker-compose.mdx +++ b/packages/documentation/src/content/docs/integration/prod/docker-compose.mdx @@ -29,34 +29,34 @@ As Let's encrypt certificates are valid for 90 days, you must set up a cron proc ```sh crontab -e ​ -0 3 * * * crontab renew +0 3 * * * certbot renew ``` ## Update DNS records -Next update the DNS records to point to the static external IP address of the volumes: +Next update the DNS records (A records) to point to the static external IP address of the virtual machine: -| service | URL | example | -| --------- | ---------------- | ---------------------- | -| admin | admin.DOMAIN | admin.myrafiki.com | -| auth | auth.DOMAIN | auth.myrafiki.com | -| connector | connector.DOMAIN | connector.myrafiki.com | -| ilp | ilp.DOMAIN | ilp.myrafiki.com | +| service | URL | example | +| ----------------------------- | ------------ | ------------------ | +| Open Payments resource server | DOMAIN | myrafiki.com | +| ILP Connector | ilp.DOMAIN | ilp.myrafiki.com | +| Open Payments auth server | auth.DOMAIN | auth.myrafiki.com | +| Admin UI | admin.DOMAIN | admin.myrafiki.com | ## Server preparation Create nginx configuration files for every exposed domain: -### Admin +### Open Payments Resource Server (`backend` package) ```sh - - server_name admin.myrafiki.com; +server { + server_name myrafiki.com; listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/admin.myrafiki.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/admin.myrafiki.com/privkey.pem; + ssl_certificate /etc/letsencrypt/live/myrafiki.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/myrafiki.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; @@ -72,16 +72,16 @@ Create nginx configuration files for every exposed domain: proxy_pass_request_headers on; - proxy_pass http://localhost:4010; + proxy_pass http://localhost:3000; } } server { - server_name admin.myrafiki.com; + server_name myrafiki.com; listen 80; - if ($host = admin.myrafiki.com) { + if ($host = myrafiki.com) { return 301 https://$host$request_uri; } @@ -89,16 +89,16 @@ server { } ``` -### Auth +### ILP Connector (`backend` package) ```sh server { - server_name auth.myrafiki.com; + server_name ilp.myrafiki.com; listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/auth.myrafiki.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/auth.myrafiki.com/privkey.pem; + ssl_certificate /etc/letsencrypt/live/ilp.myrafiki.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ilp.myrafiki.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; @@ -119,27 +119,28 @@ server { } server { - server_name auth.myrafiki.com; + server_name ilp.myrafiki.com; listen 80; - if ($host = auth.myrafiki.com) { - return 301 https://$host$request_uri; + if ($host = ilp.myrafiki.com) { + return 301 https://$host$request_uri; } return 404; } ``` -### Connector +### Open Payments Auth Server (`auth` package) ```sh server { - server_name connector.myrafiki.com; + server_name auth.myrafiki.com; listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/connector.myrafiki.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/connector.myrafiki.com/privkey.pem; # managed by Certbot + + ssl_certificate /etc/letsencrypt/live/auth.myrafiki.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/auth.myrafiki.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; @@ -155,33 +156,33 @@ server { proxy_pass_request_headers on; - proxy_pass http://localhost:3002; + proxy_pass http://localhost:3006; } } server { - server_name connector.myrafiki.com; + server_name auth.myrafiki.com; listen 80; - if ($host = connector.myrafiki.com) { - return 301 https://$host$request_uri; + if ($host = auth.myrafiki.com) { + return 301 https://$host$request_uri; } return 404; } ``` -### ILP +### Admin (`frontend` package) ```sh server { - server_name ilp.myrafiki.com; + server_name admin.myrafiki.com; listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/ilp.myrafiki.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ilp.myrafiki.com/privkey.pem; + ssl_certificate /etc/letsencrypt/live/admin.myrafiki.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/admin.myrafiki.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; @@ -197,17 +198,17 @@ server { proxy_pass_request_headers on; - proxy_pass http://localhost:4000; + proxy_pass http://localhost:3005; } } server { - server_name ilp.myrafiki.com; + server_name admin.myrafiki.com; listen 80; - if ($host = ilp.myrafiki.com) { - return 301 https://$host$request_uri; + if ($host = admin.myrafiki.com) { + return 301 https://$host$request_uri; } return 404;