
feat: update docker-compose and add Nginx configuration for SSL and r… #3042


Merged
75 changes: 51 additions & 24 deletions docker-compose.yml
@@ -1,3 +1,5 @@
version: '3'

services:
# MongoDB
mongo:
@@ -26,11 +28,12 @@ services:

# Sparrow Api Server
sparrow-api:
image: sparrowapi/sparrow-api:v1
ports:
- "9000:9000"
- "9001:9001"
- "9002:9002"
image: sparrowapi/sparrow-api:7
# Don't expose ports directly, as they'll be proxied through nginx
# ports:
# - "9000:9000"
# - "9001:9001"
# - "9002:9002"
networks:
- localnet
depends_on:
@@ -41,18 +44,21 @@ services:

# Sparrow Auth Server
sparrow-auth:
image: sparrowapi/sparrow-auth:v1
ports:
- "1421:80"
build:
context: https://github.com/sparrowapp-dev/sparrow-app-auth.git
dockerfile: Dockerfile
# Don't expose port directly
# ports:
# - "1421:80"
networks:
- localnet
depends_on:
- sparrow-api
- mongo
- kafka
env_file:
- .env.docker-setup
command: >-
- .env.docker-setup
command: >-
sh -c "
echo 'window.runtimeConfig = {
VITE_API_URL: \"${VITE_API_URL}\",
@@ -68,10 +74,12 @@ services:

# Sparrow Proxy Service
sparrow-proxy:
image: sparrowapi/sparrow-proxy-service:v1
platform: linux/amd64
ports:
- "3000:3000"
build:
context: https://github.com/sparrowapp-dev/sparrow-proxy-service.git
dockerfile: Dockerfile
# Don't expose port directly
# ports:
# - "3000:3000"
networks:
- localnet

@@ -82,24 +90,24 @@ services:
dockerfile: Sparrow-Web.Dockerfile
args:
VITE_WEB_API_TIMEOUT: 5000
VITE_WEB_API_URL: http://localhost:9000
VITE_WEB_AUTH_URL: http://localhost:1421
VITE_WEB_SOCKET_IO_API_URL: http://localhost:9001
VITE_WEB_SPARROW_OAUTH: http://localhost:9000/api/auth/google/callback
VITE_WEB_API_URL: ${VITE_WEB_API_URL}
VITE_WEB_AUTH_URL: ${VITE_WEB_AUTH_URL}
VITE_WEB_SOCKET_IO_API_URL: ${VITE_WEB_SOCKET_IO_API_URL}
VITE_WEB_SPARROW_OAUTH: ${VITE_WEB_SPARROW_OAUTH}
VITE_WEB_TERMS_OF_SERVICE: https://example.dev/termsandconditions
VITE_WEB_BASE_URL: http://localhost:9000
VITE_WEB_BASE_URL: ${VITE_WEB_BASE_URL}
VITE_WEB_SPARROW_GITHUB: https://github.com/sparrowapp-dev
VITE_WEB_SPARROW_LINKEDIN: https://www.linkedin.com/showcase/sparrow-app/
VITE_WEB_SPARROW_DOWNLOAD_LINK: https://github.com/sparrowapp-dev/sparrow-app/releases
VITE_WEB_RELEASE_NOTES_API: https://api.github.com/repos/sparrowapp-dev/sparrow-app/releases
VITE_WEB_SPARROW_DOCS: https://docs.sparrowapp.dev/docs/intro
VITE_WEB_PROXY_SERVICE: http://localhost:3000
VITE_WEB_PROXY_SERVICE: ${VITE_WEB_PROXY_SERVICE}
VITE_WEB_ENABLE_MIX_PANEL: false
VITE_WEB_MIX_PANEL_TOKEN:
VITE_WEB_SPARROW_AI_WEBSOCKET: "ws://localhost:9000/ai-assistant"

ports:
- "1422:80"
VITE_WEB_SPARROW_AI_WEBSOCKET: ${VITE_WEB_SPARROW_AI_WEBSOCKET}
# Don't expose port directly
# ports:
# - "1422:80"
networks:
- localnet
depends_on:
@@ -109,6 +117,25 @@ services:
- mongo
- kafka

# Nginx Reverse Proxy with SSL
nginx-proxy:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/ssl:/etc/nginx/ssl
- ./nginx/html:/usr/share/nginx/html
- ./nginx/logs:/var/log/nginx
networks:
- localnet
depends_on:
- sparrow-api
- sparrow-auth
- sparrow-web
restart: always

volumes:
kafka_data:
driver: local
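Review bot: The `build:` entries for sparrow-auth and sparrow-proxy point at a remote Git context with no ref, so every build takes whatever is on each repository's default branch at that moment. The image lines they appear to replace at least named a tag; an unpinned context makes the deployment non-reproducible and pulls in upstream changes nobody on this side has reviewed. Pin both contexts to a tag or commit, for example `context: https://github.com/sparrowapp-dev/sparrow-app-auth.git#<tag-or-commit>` (placeholder ref), and the same for sparrow-proxy-service. The service definitions continue outside the visible hunks, so this is based only on the lines shown.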
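--- a/nginx/conf.d/sparrow.conf
+++ b/nginx/conf.d/sparrow.conf
@@ -0,0 +1,102 @@
+# Redirect HTTP to HTTPS
+server {
+listen 80;
+server_name api.yourdomain.com auth.yourdomain.com app.yourdomain.com;
+
+location /.well-known/acme-challenge/ {
+root /usr/share/nginx/html;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+# Sparrow API configuration
+server {
+listen 443 ssl;
+server_name api.yourdomain.com;
+
+ssl_certificate /etc/nginx/ssl/api.yourdomain.com.crt;
+ssl_certificate_key /etc/nginx/ssl/api.yourdomain.com.key;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+
+location / {
+proxy_pass http://sparrow-api:9000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+# WebSocket support for socket.io
+location /socket.io/ {
+proxy_pass http://sparrow-api:9001;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+proxy_cache_bypass $http_upgrade;
+}
+
+# WebSocket support for AI assistant
+location /ai-assistant {
+proxy_pass http://sparrow-api:9000;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+proxy_cache_bypass $http_upgrade;
+}
+}
+
+# Sparrow Auth configuration
+server {
+listen 443 ssl;
+server_name auth.yourdomain.com;
+
+ssl_certificate /etc/nginx/ssl/auth.yourdomain.com.crt;
+ssl_certificate_key /etc/nginx/ssl/auth.yourdomain.com.key;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+
+location / {
+proxy_pass http://sparrow-auth:80;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+
+# Sparrow Web configuration
+server {
+listen 443 ssl;
+server_name app.yourdomain.com;
+
+ssl_certificate /etc/nginx/ssl/app.yourdomain.com.crt;
+ssl_certificate_key /etc/nginx/ssl/app.yourdomain.com.key;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+
+location / {
+proxy_pass http://sparrow-web:80;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}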
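Review bot: None of the four server blocks is a catch-all, so nginx falls back to the first block defined for each port when the Host or SNI name matches nothing. On port 80 that means the redirect `return 301 https://$host$request_uri;` echoes whatever Host header the client sent, and on port 443 an unknown name is answered by the API block and proxied to sparrow-api. Adding explicit default servers that refuse unmatched names closes both paths; `ssl_reject_handshake` needs nginx 1.19.4 or later, which the floating `nginx:alpine` tag should satisfy, but confirm the version actually deployed. The port-80 redirect could also use a fixed name per host instead of `$host`.

```nginx
# Catch-all servers: refuse any request whose Host/SNI matches none of the
# api/auth/app names configured below.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# … unchanged: HTTP redirect server and the api/auth/app server blocks …
```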