Skip to content

Makepad-fr/nginx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github/workflows
.github/workflows
 
 
envs/production
envs/production
 
 
sites
sites
 
 
AGENTS.md
AGENTS.md
 
 
README.md
README.md
 
 
compose.yml
compose.yml
 
 

Repository files navigation

Makepad Nginx

Shared Nginx reverse proxy deployment for Makepad-fr applications.

This repository owns the shared proxy stack for application VMs. Application repositories should not deploy Nginx directly. They should only attach their services to the shared application overlay network created or managed by this repository.

Layout

  • compose.yml: base Nginx service definition
  • sites/catwlk-*.conf.template: Catwlk virtual host templates
  • sites/alerteconso-prod.conf.template: Alerte Conso virtual host template
  • sites/le-petit-coin-prod.conf.template: au petit coin backend virtual host template
  • envs/production/compose.yml: production Swarm overrides
  • envs/production/.env.proxy: production proxy settings

Networks

The proxy joins shared external overlay networks:

  • ${MAKEPAD_PROXY_PROD_APP_NETWORK}
  • ${MAKEPAD_PROXY_CANARY_APP_NETWORK}
  • ${MAKEPAD_PROXY_ALERTECONSO_APP_NETWORK}
  • ${MAKEPAD_PROXY_LE_PETIT_COIN_APP_NETWORK}

Each application stack attaches to its corresponding shared network and exposes a stable DNS alias there. aupetitcoin.makepad.fr proxies to LE_PETIT_COIN_PROD_UPSTREAM, which defaults to http://le-petit-coin-backend:8080 to match the backend stack's production LE_PETIT_COIN_BACKEND_ALIAS.

Node Labels

Pin the shared proxy to proxy-capable nodes:

docker node update --label-add infra.makepad.proxy=true <proxy-node>

Deployment

The deploy workflow runs automatically on pushes to main that change the proxy Compose files, production environment, site templates, or the deploy workflow itself. It can also be run manually from GitHub Actions.

Required environment secrets:

  • DEPLOY_SSH_HOST
  • DEPLOY_SSH_PORT
  • DEPLOY_SSH_USER
  • DEPLOY_SSH_PRIVATE_KEY
  • DEPLOY_REMOTE_DIR
  • DEPLOY_STACK_NAME
  • MAKEPAD_PROXY_PROD_APP_NETWORK
  • MAKEPAD_PROXY_CANARY_APP_NETWORK
  • MAKEPAD_PROXY_ALERTECONSO_APP_NETWORK
  • MAKEPAD_PROXY_LE_PETIT_COIN_APP_NETWORK

The workflow deploys only the proxy stack. If the shared application network does not exist yet, it is created on the manager before deployment.

TLS

Certificates must already exist on the proxy VM under /etc/letsencrypt, matching the paths configured in envs/<environment>/.env.proxy.

For aupetitcoin.makepad.fr, the production proxy expects:

  • /etc/letsencrypt/live/aupetitcoin.makepad.fr/fullchain.pem
  • /etc/letsencrypt/live/aupetitcoin.makepad.fr/privkey.pem

About

Shared Nginx reverse proxy deployment for Makepad-fr apps

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors