oliver/StaySense
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions
StaySense/docs/CLOUDPANEL_SETUP.md

2.2 KiB
Raw Permalink Blame History

CloudPanel Setup (Hetzner)

Ziel

StaySense unter staysense.vanityontour.de mit CloudPanel + Let's Encrypt + Reverse Proxy auf API.

DNS

  • A: staysense.vanityontour.de -> 88.99.209.207
  • AAAA: staysense.vanityontour.de -> 2a01:4f8:10a:3ae1::2

CloudPanel Eintraege

  1. Site-Typ: Static HTML
  2. Domain: staysense.vanityontour.de
  3. Site User: z. B. staysense-site
  4. SSL: Let's Encrypt aktivieren
  5. Redirect HTTP->HTTPS aktivieren

Webroot

CloudPanel legt typischerweise an:

  • /home/staysense-site/htdocs/staysense.vanityontour.de

Frontend deployen:

rsync -a --delete /opt/staysense/src/ /home/staysense-site/htdocs/staysense.vanityontour.de/
chown -R staysense-site:staysense-site /home/staysense-site/htdocs/staysense.vanityontour.de

Reverse Proxy fuer API

In die vHost-Config der Site aufnehmen:

location /api/ {
  limit_req zone=limit burst=20 nodelay;
  proxy_pass http://127.0.0.1:8787/;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}

Endpoint-spezifisch (empfohlen):

location = /api/spot/signal {
  limit_req zone=staysense_signal burst=3 nodelay;
  proxy_pass http://127.0.0.1:8787/spot/signal;
}

location /api/spot/score {
  limit_req zone=staysense_score burst=25 nodelay;
  proxy_pass http://127.0.0.1:8787/spot/score;
}

Security Header (empfohlen)

add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(self)" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'self'; base-uri 'self'" always;

Backend Services

  • staysense-api.service (API)
  • staysense-import.timer + staysense-import.service (Datenimporte)

Status:

systemctl is-active staysense-api.service
systemctl is-active staysense-import.timer

Health Checks

curl -s https://staysense.vanityontour.de/api/health
curl -I http://staysense.vanityontour.de
curl -I https://staysense.vanityontour.de