nginx
nginx fronts every Sosyabot component with TLS. Three vhosts, one HTTPS cert per host (Let's Encrypt via Certbot is the default).
The three vhosts
app.sosyabot.com → 127.0.0.1:${PORT:-4200} (backend; serves frontend bundle)
sosyabot.com → 127.0.0.1:${LANDING_PORT:-4201} (landing site)
docs.sosyabot.com → 127.0.0.1:${DOCS_PORT:-4202} (docs site)
Example vhost (docs)
```nginx
server {
    server_name docs.sosyabot.com;

    location / {
        proxy_pass http://127.0.0.1:4202;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/docs.sosyabot.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docs.sosyabot.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = docs.sosyabot.com) {
        return 301 https://$host$request_uri;
    }

    server_name docs.sosyabot.com;
    listen 80;
    return 404;
}
```
The app and landing vhosts follow the same pattern with a different upstream port.
Certbot
```bash
sudo certbot --nginx -d app.sosyabot.com
sudo certbot --nginx -d sosyabot.com -d www.sosyabot.com
sudo certbot --nginx -d docs.sosyabot.com
```
Certbot writes the listen 443 ssl block, the if redirect block, and the certificate paths shown above. Renewal is on the system cron / systemd timer that Certbot installs.
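A lint for the pattern described above, where each 443 vhost uses certificate paths under its own /etc/letsencrypt/live/<host>/ directory, proxies to loopback, and has a port-80 block that redirects to HTTPS. This is an added example, not part of the Sosyabot project: the function names, the sample config and the 10.0.0.5 upstream are constructed, and the brace-counting parser assumes no braces inside comments or quoted strings.

```python
import re

# Constructed sample: the docs vhost pair from this page plus a deliberately wrong app vhost.
SAMPLE = """
server {
    server_name docs.sosyabot.com;
    location / { proxy_pass http://127.0.0.1:4202; }
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/docs.sosyabot.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docs.sosyabot.com/privkey.pem;
}
server {
    if ($host = docs.sosyabot.com) { return 301 https://$host$request_uri; }
    server_name docs.sosyabot.com;
    listen 80;
    return 404;
}
server {
    server_name app.sosyabot.com;
    location / { proxy_pass http://10.0.0.5:4200; }
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/docs.sosyabot.com/fullchain.pem;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block by counting braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return findings for vhosts that deviate from the pattern on this page."""
    findings, tls_hosts, redirected = [], set(), set()
    for body in server_blocks(conf):
        hosts = (re.findall(r"\bserver_name\s+([^;]+);", body) or ["unnamed"])[0].split()
        if re.search(r"\blisten\s+443\s+ssl\b", body):
            tls_hosts.update(hosts)
            for path in re.findall(r"\bssl_certificate(?:_key)?\s+([^;]+);", body):
                if not any(path.startswith(f"/etc/letsencrypt/live/{h}/") for h in hosts):
                    findings.append(f"{hosts[0]}: {path} is outside this vhost's live/ directory")
            for up in re.findall(r"\bproxy_pass\s+https?://([^:/;]+)", body):
                if up not in ("127.0.0.1", "localhost"):
                    findings.append(f"{hosts[0]}: upstream {up} is not loopback")
        elif re.search(r"\blisten\s+80\b", body) and "return 301 https://" in body:
            redirected.update(hosts)
    return findings + [f"{h}: no port-80 redirect to HTTPS" for h in sorted(tls_hosts - redirected)]
```

To run it against a live host, pass it the configuration text dumped by `nginx -T` instead of SAMPLE.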
Static-serve alternative for docs
The docs site is fully static after ./service.sh build. For a higher-throughput / lower-process-count deployment, point nginx directly at the dist directory and skip the Node vitepress preview process:
```nginx
server {
    server_name docs.sosyabot.com;
    root /ssd/data/project/sosyabot/docs/content/.vitepress/dist;
    index index.html;

    location / {
        try_files $uri $uri.html $uri/ =404;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/docs.sosyabot.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docs.sosyabot.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
}
```
If you take this path, drop the docs entry from COMPONENTS in service.sh so it isn't booted at ./service.sh start. The default ships with the preview process for parity with the landing component.
Logs
/var/log/nginx/access.log
/var/log/nginx/error.log
Per-vhost logging can be split via access_log and error_log directives inside each server block.