From 7ff165fdb451919d381586383045f24ffbefb57f Mon Sep 17 00:00:00 2001
From: SouthFox <master@southfox.me>
Date: Tue, 29 Aug 2023 17:49:40 +0800
Subject: [PATCH] [chore] add nginx and systemd config

---
 dist/liberty-hu.service | 14 ++++++++++++++
 dist/nginx.conf         | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 dist/liberty-hu.service
 create mode 100644 dist/nginx.conf

diff --git a/dist/liberty-hu.service b/dist/liberty-hu.service
new file mode 100644
index 0000000..c88a4df
--- /dev/null
+++ b/dist/liberty-hu.service
@@ -0,0 +1,14 @@
+#See https://computingforgeeks.com/how-to-run-java-jar-application-with-systemd-on-linux/
+[Unit]
+Description=Liberty Hu service
+
+[Service]
+WorkingDirectory=/opt/prod
+ExecStart=/bin/java -Xms256m -Xmx512m -jar liberty-hu.jar
+User=jvmapps
+Type=simple
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dist/nginx.conf b/dist/nginx.conf
new file mode 100644
index 0000000..bc4f105
--- /dev/null
+++ b/dist/nginx.conf
@@ -0,0 +1,39 @@
+proxy_cache_path  /var/cache/nginx  levels=1:2    keys_zone=STATIC:10m inactive=24h  max_size=1g;
+
+server {
+    server_name  {SERVER};
+
+    location / {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_buffering  on;
+        proxy_cache      STATIC;
+        proxy_cache_valid 200 1d;
+        add_header X-Cached $upstream_cache_status;
+        add_header 'Access-Control-Allow-Origin' '*';
+    }
+
+    location = /robots.txt {
+      add_header  Content-Type  text/plain;
+      return 200 "User-agent: *\nDisallow: /\n";
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{SERVER}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{SERVER}/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+server {
+    listen       80;
+    server_name  {SERVER};
+
+    if ($host = {SERVER}) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+}