-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhttps.txt
170 lines (142 loc) · 4.36 KB
/
https.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
// vite.config.js
import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
import fs from 'fs'
import path from 'path'
export default defineConfig({
plugins: [react()],
server: {
host: '0.0.0.0',
port: 443, // Standard HTTPS port
strictPort: true,
https: {
key: fs.readFileSync('/etc/letsencrypt/live/11oclocktoast.com/privkey.pem'),
cert: fs.readFileSync('/etc/letsencrypt/live/11oclocktoast.com/fullchain.pem')
},
hmr: {
protocol: 'wss', // Use secure WebSocket for HMR
clientPort: 443
}
}
})
// To run the server with sudo (needed for port 443), create a start script
// start.sh
#!/bin/bash
```bash
#!/bin/bash
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root (use sudo)"
exit 1
fi
# Set proper Node.js environment
export NODE_ENV=production
# Use the system's Node.js
NODE_PATH=$(which node)
# Get the actual user who invoked sudo
ACTUAL_USER=$(who am i | awk '{print $1}')
ACTUAL_HOME=$(getent passwd "$ACTUAL_USER" | cut -d: -f6)
# Use the actual user's npm configuration
export NPM_CONFIG_PREFIX="$ACTUAL_HOME/.npm-global"
export PATH="$NPM_CONFIG_PREFIX/bin:$PATH"
# Run Vite
cd /home/cdr/domains/thegivehub.com/frontend
$NODE_PATH /home/cdr/domains/thegivehub.com/frontend/node_modules/vite/bin/vite.js
```
Save this as a script and make it executable:
```bash
chmod +x start.sh
```
Now you can run:
```bash
sudo ./start.sh
```
To ensure your Node.js process can read the Let's Encrypt certificates:
```bash
# Add your user to the ssl-cert group
sudo usermod -a -G ssl-cert $USER
# Set proper permissions for the Let's Encrypt directory
sudo chmod -R g+rX /etc/letsencrypt/live/
sudo chmod -R g+rX /etc/letsencrypt/archive/
# You might need to log out and back in for the group changes to take effect
```
Alternative approach using a reverse proxy (recommended):
1. Install Nginx:
```bash
sudo apt update
sudo apt install nginx
```
2. Configure Nginx to proxy to Vite (running on a higher port):
```nginx
# /etc/nginx/sites-available/thegivehub.conf
server {
listen 443 ssl;
server_name 11oclocktoast.com;
ssl_certificate /etc/letsencrypt/live/11oclocktoast.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/11oclocktoast.com/privkey.pem;
# Modern SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (uncomment if you're sure)
# add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_pass http://localhost:5173;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# WebSocket support for HMR
location /ws {
proxy_pass http://localhost:5173;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
# Don't forget HTTP to HTTPS redirect
server {
listen 80;
server_name 11oclocktoast.com;
return 301 https://$server_name$request_uri;
}
```
3. Enable the site:
```bash
sudo ln -s /etc/nginx/sites-available/thegivehub.conf /etc/nginx/sites-enabled/
sudo nginx -t # Test the configuration
sudo systemctl restart nginx
```
4. Update Vite config to run on a regular port:
```javascript
// vite.config.js
export default defineConfig({
plugins: [react()],
server: {
host: '0.0.0.0',
port: 5173,
strictPort: true,
hmr: {
// HMR configuration for working through Nginx
host: '11oclocktoast.com',
protocol: 'wss',
clientPort: 443
}
}
})
```
The Nginx approach is recommended because:
1. Better security (no need to run Node as root)
2. Better performance (static file serving)
3. Easier certificate management
4. Built-in HTTP to HTTPS redirect
5. Ability to add other security headers
6. Better WebSocket handling for HMR
Would you like me to:
1. Add more security headers to Nginx?
2. Set up automatic certificate renewal?
3. Configure development vs production settings?
4. Add error pages and logging?