diff --git a/terraform/cloud-init.yaml.tpl b/terraform/cloud-init.yaml.tpl index ce5f628..39309fd 100644 --- a/terraform/cloud-init.yaml.tpl +++ b/terraform/cloud-init.yaml.tpl @@ -26,7 +26,7 @@ mkdir -p /var/www/${project_name}/js DOMAIN=${domain} # Set up nginx configuration -cat << 'EOF' > /etc/nginx/sites-available/${project_name} +cat > /etc/nginx/sites-available/${project_name} << NGINXEOF server { root /var/www/${project_name}; index index.html; @@ -36,11 +36,11 @@ server { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; - try_files $uri $uri/ =404; + try_files \$uri \$uri/ =404; } location / { - try_files $uri $uri/ =404; + try_files \$uri \$uri/ =404; } add_header X-Frame-Options "SAMEORIGIN" always; @@ -60,9 +60,9 @@ server { listen 80; listen [::]:80; server_name ${domain} www.${domain}; - return 301 https://$host$request_uri; + return 301 https://\$host\$request_uri; } -EOF +NGINXEOF # Symlink nginx config ln -sf /etc/nginx/sites-available/${project_name} /etc/nginx/sites-enabled/${project_name} 
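Review bot: Switching the nginx heredoc to an unquoted `NGINXEOF` delimiter means the shell now expands everything in the body, and the `\$` escapes added here cover only the `try_files` and `return 301` lines visible in these three hunks. The part of the server block between the second and third hunk is not shown, and any unescaped `$` or backtick there would be expanded (usually to an empty string) without an error. The rendered values of `${project_name}` and `${domain}` also pass through shell expansion now, so a value containing `$(` or a backtick would run as a command at boot. If those two are filled in by the Terraform template renderer rather than the shell, as the `.tpl` name suggests, nothing in the body needs expansion. In that case `cat > /etc/nginx/sites-available/${project_name} << 'NGINXEOF'` with plain `$uri`, `$host` and `$request_uri` is the safer form.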
@@ -70,8 +70,29 @@ ln -sf /etc/nginx/sites-available/${project_name} /etc/nginx/sites-enabled/${pro # Remove default nginx site rm -f /etc/nginx/sites-enabled/default +# Set up nginx snippet for contact-api proxy (NO proxy_set_header Origin — breaks CORS) +cat > /etc/nginx/snippets/contact-api.conf << 'PROXYEOF' +location /api/contact { + proxy_pass http://127.0.0.1:3001; + proxy_http_version 1.1; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; +} + +location /api/health { + proxy_pass http://127.0.0.1:3001; + proxy_http_version 1.1; + proxy_set_header Host \$host; +} +PROXYEOF + +# Include the snippet in the main server block +sed -i '/location \/ {/i\ include /etc/nginx/snippets/contact-api.conf;' /etc/nginx/sites-available/${project_name} + # Set up contact-api service -cat << 'EOF' > /etc/systemd/system/contact-api.service +cat > /etc/systemd/system/contact-api.service << 'SVCEOF' [Unit] Description=Contact Form API - Email Backend After=network.target @@ -85,24 +106,21 @@ ExecStart=/usr/bin/node src/index.js Restart=on-failure RestartSec=10 -# Environment EnvironmentFile=/opt/contact-api/.env -# Security NoNewPrivileges=true PrivateTmp=true ProtectSystem=strict ProtectHome=true ReadWritePaths=/opt/contact-api -# Logging StandardOutput=journal StandardError=journal SyslogIdentifier=contact-api [Install] WantedBy=multi-user.target -EOF +SVCEOF # Start nginx systemctl restart nginx 
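Review bot: The snippet heredoc uses the quoted delimiter `'PROXYEOF'`, so the shell does no escape processing and the backslashes in `\$host`, `\$remote_addr`, `\$proxy_add_x_forwarded_for` and `\$scheme` are written to `/etc/nginx/snippets/contact-api.conf` verbatim. nginx will then most likely either reject the directives or forward header values with a leading backslash. That would corrupt the `Host`, `X-Real-IP` and `X-Forwarded-For` values the backend relies on for logging or per-client limits. Drop the backslashes inside this heredoc, e.g. `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, and keep the delimiter quoted. It would also help to run `nginx -t` after the `sed -i` include and before the restart, since the `sed` inserts before every line matching `location / {`.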
@@ -111,22 +129,15 @@ systemctl restart nginx systemctl daemon-reload systemctl enable contact-api.service -# Create .env file for contact-api -cat << 'EOF' > /opt/contact-api/.env -PORT=3001 -SMTP_HOST=smtp.example.com -SMTP_PORT=587 -SMTP_USER=your-email@example.com -SMTP_PASS=your-password -FROM_EMAIL=noreply@krustyplanet.org -FROM_NAME=KrustyPlanet -EOF - -# Download contact-api source +# Download contact-api source from Forgejo cd /opt/contact-api -git clone https://codeberg.org/jez/contact-api.git . -# Or download from URL if git repo doesn't exist -# curl -L https://example.com/contact-api.tar.gz | tar -xzf - +git clone ssh://git@git.jezzahehn.com:2222/KrustyPlanet/contact-api.git . +chown -R www-data:www-data /opt/contact-api + +# .env will be created manually or via secrets management +cat > /opt/contact-api/.env << 'ENVEOF' +CONTACT_API_PORT=3001 +ENVEOF # Install dependencies npm install
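Review bot: The new `.env` is written after `chown -R www-data:www-data /opt/contact-api` and with the default umask, so it will normally end up world-readable, and the comment says secrets will be added to it later. Restrict it when it is created, e.g. `chmod 600 /opt/contact-api/.env` right after the `ENVEOF` line. If the unit's `EnvironmentFile=` is read by systemd itself, root ownership with mode 600 should be enough. Separately, the `ssh://` clone needs a deploy key and a pinned host key for `git.jezzahehn.com` in place before this step, and neither is provisioned in this hunk. Without them the non-interactive clone will fail, and the fix should be a `known_hosts` entry rather than disabling host-key checking. `npm install` also still runs as root after the chown, so package lifecycle scripts execute with root privileges and `node_modules` is left root-owned.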