efim
/
go-ssr-pocketbase-oauth-attempt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: utilizing cool options for nginx

This commit is contained in:
efim 2023-10-09 03:15:41 +00:00
parent eb2b170335
commit e4c79b2155
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
auth-notes.org
View File

@ -184,7 +184,7 @@ now works
because front-end is setting up js 'new PocketBase' with 127.0.0.1 connection because front-end is setting up js 'new PocketBase' with 127.0.0.1 connection
*** adding a custom flag: *** adding a custom flag:
https://github.com/pocketbase/pocketbase/discussions/1900 https://github.com/pocketbase/pocketbase/discussions/1900
** TODO change some additional config to option : ** DONE change some additional config to option :
${optionalString config.proxyWebsockets '' ${optionalString config.proxyWebsockets ''
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
@ -192,13 +192,29 @@ https://github.com/pocketbase/pocketbase/discussions/1900
''} ''}
( also in planning poker repo ) ( also in planning poker repo )
https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/web-servers/nginx/default.nix#L428
** TODO add docker image from nix ** TODO add docker image from nix
*** CANCELLED add cli for port and host *** CANCELLED add cli for port and host
** TODO add readme and comments ** TODO add readme and comments
** TODO configure tls / ssl / https on franzk deployment ** DONE configure tls / ssl / https on franzk deployment
https://nixos.org/manual/nixos/stable/#module-security-acme-nginx
( and also same here https://nixos.wiki/wiki/Nginx )
can it be configured on render.com? can it be configured on render.com?
omg
line 112 & 113 in project config:
http://git.sunshine.industries/efim/go-ssr-pocketbase-oauth-attempt/commit/875de35177462f21732e3ba108a94d77a543da05
and this in my server config:
https://github.com/efim/dotfiles/commit/b3695148082d8c9850a781aaa7a88920bdb1fa7f
this is all that's needed to enable tls
mind blown
** TODO somehow set cookie to httpOnly & secure
with ability to disable for development session
** TODO maybe add middleware so that 401 would be a page, and not json ** TODO maybe add middleware so that 401 would be a page, and not json
** TODO get icons for the auth providers. surely they are accessible from the pocketbase itself? ** TODO get icons for the auth providers. surely they are accessible from the pocketbase itself?
http://localhost:8090/_/images/oauth2/apple.svg http://localhost:8090/_/images/oauth2/apple.svg

3
flake.nix
View File

@ -114,10 +114,9 @@
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
# taken from https://pocketbase.io/docs/going-to-production/ # taken from https://pocketbase.io/docs/going-to-production/
proxyWebsockets = true;
extraConfig = '' extraConfig = ''
# check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive # check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
proxy_set_header Connection ''';
proxy_http_version 1.1;
proxy_read_timeout 360s; proxy_read_timeout 360s;
proxy_set_header Host $host; proxy_set_header Host $host;