Installing NGinX to use as a front-end (based on the Deployment Chapter) - make it more robust to attacks, and to simplify serving static content (primarily images).
Another reason to use this instead of running the Smalltalk image as root is that there can be issues copying and testing an image listening to port 80 (change the Seaside port to 80, copy to a windows machine and save the image after making a data change, tar and zip up the changes and image, copy to an AWS ubuntu machine, and after starting the image, it does not listen on port 80). By running NGinX in Front of Pier, Seaside can be setup to use port 8080, and non-root required port.
Installing NGinX can be done with:
user@ip-171-41-14-123:$ sudo apt-get install nginx
Setup is described in the deployment link above, for this sites as an example:
# mkdir -p /data/www # chown -R user:root /data
Then created my necessary directories:
$ mkdir -p /data/static/images
The configuration file is setup as:
ubuntu@ip-172-31-24-213:~$ less /etc/nginx/nginx.conf user ubuntu; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; server { listen 80; listen 443 ssl; server_name www.myborden.com; ssl_certificate /etc/letsencrypt/live/myborden.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/myborden.com/privkey.pem; # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location /static/ { root /data; } location = /favicon.ico { alias /data/static/favicon.ico; } location / { proxy_set_header Host $host; proxy_pass http://127.0.0.1:8080; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; } } }
This is setup to use SSL certificates from Let's Encrypt. Reloaded the config with:
nginx -s reload