CurrenciCombo/scripts/deployment/webapp-nginx.conf
Devin AI a6a9d38bce PR AB: complete Phoenix deployment scaffolding (add 3 missing files referenced by main 4a1f69a)
main 4a1f69a 'deploy: make Phoenix redeploys archive-safe' adopted the
Phoenix deployment scaffolding from the abandoned PR #31 branch but
landed with three referenced-but-missing files. This PR adds exactly
those three files, unchanged from the PR #31 branch, so main is
internally consistent and bootable on CT 8604.

What main references but does not have
--------------------------------------

1. scripts/deployment/webapp-nginx.conf
   Referenced by: systemd/currencicombo-webapp.service (ExecStart calls
   'nginx -c /etc/currencicombo/webapp-nginx.conf') and install.sh
   (NGINX_FILE="${ETC_DIR}/webapp-nginx.conf"; install -m 0644 of
   "${SCRIPT_DIR}/webapp-nginx.conf").
   Without this file: webapp unit fails on start with 'nginx: [emerg]
   open() "/etc/currencicombo/webapp-nginx.conf" failed'.

2. scripts/deployment/systemd/currencicombo-orchestrator.service
   Referenced by: deploy-currencicombo-8604.sh (line 40:
   ${ORCHESTRATOR_UNIT:=currencicombo-orchestrator.service};
   lines 101/104 systemctl stop/start) and install.sh (line 238
   install -m 0644 of
   "${SCRIPT_DIR}/systemd/currencicombo-orchestrator.service";
   line 248 systemctl enable).
   Without this file: install.sh fails at the install step, deploy
   script fails at 'systemctl stop currencicombo-orchestrator.service
   Unit not found'.

3. scripts/deployment/install-prune-cron.sh
   Referenced by: README.md (step 4: 'bash /var/lib/currencicombo/repo/
   scripts/deployment/install-prune-cron.sh' and the 'Backup retention
   / pruning' section).
   Without this file: ops follows the README, hits a 'No such file'
   and has to reconstruct the pruner from prose.

Provenance
----------

All three files are verbatim copies of the same three files from the
closed PR #31 branch devin/1776898782-pr-aa-phoenix-migration (commit
ded7d24), which was the source PR #31 reviewers discussed when the
three ops improvements (loud-failure rollback, keep-min-5 prune cron,
/root/currencicombo-first-keys.txt 0600) were locked. main already
absorbed everything else from PR #31 as commit 4a1f69a.

Verification
------------

- shellcheck --severity=warning scripts/deployment/install-prune-cron.sh: clean
- bash -n on install-prune-cron.sh: clean
- systemd-analyze verify on currencicombo-orchestrator.service: clean
  (only unrelated-host-service errors surface on this build box)
- sudo bash scripts/deployment/install-prune-cron.sh --dry-run: prints
  the exact cron body with retain=30, keep-min=5, targeting
  /var/lib/currencicombo/backups, as expected.
- nginx -T on webapp-nginx.conf: not run (nginx not installed on
  build box); tested on the CT in PR #31's pre-close verification run.

Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
2026-04-23 04:26:50 +00:00

81 lines
2.5 KiB
Plaintext

# Self-contained nginx.conf for the CurrenciCombo Vite SPA.
# Invoked by the `currencicombo-webapp.service` systemd unit and installed
# to /etc/currencicombo/webapp-nginx.conf by scripts/deployment/install.sh.
#
# Listens on :3000 (NPMplus upstream). NPMplus path-routes /api/* to the
# orchestrator on :8080 (with SSE-friendly settings — see README.md);
# everything else lands here.
# This config does NOT proxy /api itself — that's intentional so a wrong
# NPMplus rule fails loudly instead of silently bypassing the orchestrator.
worker_processes auto;
error_log /var/log/currencicombo/webapp-nginx.error.log warn;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/currencicombo/webapp-nginx.access.log combined;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    server_tokens off;
    gzip on;
    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
    gzip_min_length 1024;

    # Uploads/bodies: the portal is a static SPA, so any request with a body
    # is almost certainly mis-routed. Cap tight.
    client_max_body_size 1m;

    server {
        listen 3000 default_server;
        listen [::]:3000 default_server;
        server_name _;
        root /opt/currencicombo/webapp/dist;
        index index.html;

        # Security headers are also set by NPMplus, but apply them here too
        # so they survive a direct-to-CT curl for debugging.
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;

        # Immutable asset bundles.
        location /assets/ {
            access_log off;
            expires 1y;
            add_header Cache-Control "public, max-age=31536000, immutable";
            # An add_header at this level stops inheritance of the
            # server-level headers, so repeat them here.
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header Referrer-Policy "strict-origin-when-cross-origin" always;
            try_files $uri =404;
        }

        # Deny sourcemaps in prod. `return` runs in the rewrite phase, before
        # `deny` is evaluated, so clients always see the 404.
        location ~ \.map$ {
            access_log off;
            deny all;
            return 404;
        }

        # Guard-rail: if NPMplus fails to path-route /api/*, surface it as a
        # clean 421 rather than serving index.html and confusing the browser
        # with a JSON parse error. The SSE endpoint lives at
        # /api/plans/:id/events/stream, which also sits under /api/, so one
        # rule covers both.
        location /api/ {
            # The body of `return` is served with default_type. Set it here:
            # add_header Content-Type would emit a second Content-Type header
            # and switch off inheritance of the security headers above.
            default_type text/plain;
            return 421 "NPMplus is misconfigured: /api/* must proxy to orchestrator :8080\n";
        }

        # SPA fallback. Must come last.
        location / {
            try_files $uri $uri/ /index.html;
        }
    }
}
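
The security headers in this config are set at `server` level, and nginx inherits `add_header` from the enclosing level only when the current level defines none of its own. The following is an added example, not part of the CurrenciCombo repository: a small Python check that reports blocks whose own `add_header` lines cause the enclosing level's headers to be dropped. The sample config is constructed, and the line-based parser assumes one directive per line and does not follow `include`.

```python
import re

# Constructed sample, modelled on the shape of the config on this page.
SAMPLE = r'''
server {
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    location /assets/ {
        add_header Cache-Control "public, max-age=31536000, immutable";
    }
    location ~ \.map$ {
        return 404;
    }
}
'''

def dropped_headers(conf):
    """Map block label -> header names lost through add_header inheritance."""
    blocks = [{"label": "main", "parent": None, "own": []}]
    cur = 0
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            blocks.append({"label": line[:-1].strip(), "parent": cur, "own": []})
            cur = len(blocks) - 1
        elif line == "}":
            cur = blocks[cur]["parent"]
        elif (m := re.match(r"add_header\s+(\S+)", line)):
            blocks[cur]["own"].append(m.group(1).lower())

    def effective(i):
        # nginx: a level inherits add_header only if it defines none itself.
        b = blocks[i]
        if b["own"] or b["parent"] is None:
            return set(b["own"])
        return effective(b["parent"])

    findings = {}
    for b in blocks[1:]:
        if b["own"]:
            lost = effective(b["parent"]) - set(b["own"])
            if lost:
                findings[b["label"]] = sorted(lost)
    return findings

if __name__ == "__main__":
    print(dropped_headers(SAMPLE))
```

An empty result means every block that sets its own headers also repeats the ones it would otherwise have inherited.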