Enabling TLS and adding mongoDB (#86)

* enble tls with certbot

* also adding mongo

* redirect to https

* persisting data volume for mongodb

client/nginx.conf

@@ -16,18 +16,24 @@ http {
     sendfile on;
 
     server {
-        listen 8080 default_server;
-        listen [::]:8080;
+        listen 8080;
+        server_name substrait-fiddle.com;
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
 
         # Ideally, should figure this out.  I believe it to be specific
         # to the environment.
         # resolver 127.0.0.11;
 
         # Since this is the default (and only server) we don't need a
         # valid server_name.  _ is convention.
-        server_name _;
-        # Don't send nginx version in error pages.  Not really needed.
-        server_tokens off;
+        server_name substrait-fiddle.com;
+
+        ssl_certificate /etc/letsencrypt/live/substrait-fiddle.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/substrait-fiddle.com/privkey.pem;
 
         root /app/static;
 
@@ -39,5 +45,9 @@ http {
             proxy_set_header Host $host;
             proxy_cache_bypass $http_upgrade;
         }
+
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
     }
 }

docker-compose.yaml

@@ -8,21 +8,31 @@ services:
     environment:
      - DUCKDB_POOL_SIZE=5
      - VITE_SESSION_SECRET=$VITE_SESSION_SECRET
+     - PROD_MONGO_URL=mongodb://mongo:27017/
     networks:
       - fiddle-network
-
   client:
     build:
       context: ./client
       args:
       - VITE_SESSION_SECRET=$VITE_SESSION_SECRET
     ports:
       - "80:8080"
+      - "443:443"
     networks:
       - fiddle-network
     environment:
      - NODE_ENV=production
-
+    volumes:
+      - /etc/letsencrypt:/etc/letsencrypt
+  mongo:
+    image: mongo
+    ports:
+      - "27017:27017"
+    networks:
+      - fiddle-network
+    volumes:
+      - ~/mongo/data:/data/db
 networks:
   fiddle-network:
     driver: bridge