Custom Nginx Setup

Rybbit comes with a built-in webserver (Caddy), but you can use your own web server by using the --no-webserver flag on the setup.sh script. This is an example of how to set up Nginx with SSL certificates using Certbot.

Prerequisites

A domain name pointing to your server
A Linux-based server (these instructions use apt-based systems like Ubuntu/Debian)

Setup Process

1. Run the Setup Script


./setup.sh your.domain.name --no-webserver

2. Install Nginx and Certbot

First, install Nginx and Certbot on your server:


# Update package lists
sudo apt update
 
# Install Nginx
sudo apt install nginx
 
# Install Certbot and the Nginx plugin
sudo apt install certbot python3-certbot-nginx

3. Configure Nginx

Create a new Nginx server configuration file:


sudo nano /etc/nginx/sites-available/rybbit

Add the following configuration (replace your.domain.name with your actual domain):


server {
    listen 80;
    server_name your.domain.name;
 
    # We'll start with a basic HTTP configuration
    # Certbot will modify this file later to add HTTPS
 
    location / {
        proxy_pass http://localhost:3002;  # Client port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 
    location /api/ {
        proxy_pass http://localhost:3001/;  # Backend port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

⚠️

Note the trailing slash in the proxy_pass for the API location. This is important to correctly strip the /api/ prefix when forwarding requests to the backend service.

4. Enable the Site Configuration

Enable the site by creating a symbolic link and test the configuration:


# Enable the site
sudo ln -s /etc/nginx/sites-available/rybbit /etc/nginx/sites-enabled/
 
# Test the configuration
sudo nginx -t
 
# If the test is successful, restart Nginx
sudo systemctl restart nginx

5. Set Up SSL with Certbot

Certbot can automatically configure Nginx to use HTTPS:


sudo certbot --nginx -d your.domain.name

Certbot will automatically modify your Nginx configuration to include SSL certificate settings and HTTPS server blocks.

6. Verify the Setup

Your final Nginx configuration (in /etc/nginx/sites-available/rybbit) should now include HTTPS settings. You can check it with:


sudo cat /etc/nginx/sites-available/rybbit

It should include SSL certificate paths and a server block for HTTPS.

Certificate Renewal

Certbot creates a systemd timer that automatically renews certificates before they expire. You can verify it’s active with:


sudo systemctl status certbot.timer

You can also test the renewal process (without actually renewing) using:


sudo certbot renew --dry-run

Troubleshooting

If you encounter issues:

Check Nginx error logs:
```
sudo tail -f /var/log/nginx/error.log
```
Verify that the Docker containers are running and exposing the correct ports:
```
docker ps
```

Test connectivity to the backend and client services:


curl -v http://localhost:3001
curl -v http://localhost:3002

If the Certbot automatic configuration fails, you can manually add SSL configuration to your Nginx server block.