From 6a9d833251e132472b12b437a7075705d98362b6 Mon Sep 17 00:00:00 2001
From: Oliver <oliver.henry.walters@gmail.com>
Date: Mon, 13 May 2024 14:15:45 +1000
Subject: [PATCH] Nginx example (#7207)

* Add sample nginx config file

- Taken from 0.13.x branch

* Add alternative setup for nginx

* Add brief note in the docs
---
 contrib/container/Caddyfile          |  5 +-
 contrib/container/docker-compose.yml | 14 ++++++
 contrib/container/nginx.conf         | 70 ++++++++++++++++++++++++++++
 docs/docs/start/docker.md            |  5 +-
 4 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 contrib/container/nginx.conf

diff --git a/contrib/container/Caddyfile b/contrib/container/Caddyfile
index f1b1532028..96fb01c52a 100644
--- a/contrib/container/Caddyfile
+++ b/contrib/container/Caddyfile
@@ -1,7 +1,10 @@
-# Caddyfile for Inventree
+# Example Caddyfile for Inventree
 # The following environment variables may be used:
 # - INVENTREE_SITE_URL: The upstream URL of the Inventree site (default: inventree.localhost)
 # - INVENTREE_SERVER: The internal URL of the Inventree container (default: http://inventree-server:8000)
+#
+# Note that while this file is a good starting point, it may need to be modified to suit your specific requirements
+
 
 (log_common) {
 	log {
diff --git a/contrib/container/docker-compose.yml b/contrib/container/docker-compose.yml
index 5fa1532481..85fbb2c748 100644
--- a/contrib/container/docker-compose.yml
+++ b/contrib/container/docker-compose.yml
@@ -120,3 +120,17 @@ services:
             - ${INVENTREE_EXT_VOLUME}:/var/log:z
             - ${INVENTREE_EXT_VOLUME}:/data:z
             - ${INVENTREE_EXT_VOLUME}:/config:z
+
+    # alternative: run nginx as reverse proxy
+    # inventree-proxy:
+    #     container_name: inventree-proxy
+    #     image: nginx:stable
+    #     restart: always
+    #     depends_on:
+    #         - inventree-server
+    #     ports:
+    #         - ${INVENTREE_WEB_PORT:-80}:80
+    #         - 443:443
+    #     volumes:
+    #         - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro,z
+    #         - ${INVENTREE_EXT_VOLUME}:/var/www:z
diff --git a/contrib/container/nginx.conf b/contrib/container/nginx.conf
new file mode 100644
index 0000000000..91b82adae1
--- /dev/null
+++ b/contrib/container/nginx.conf
@@ -0,0 +1,70 @@
+# An example configuration file for running InvenTree container behind an nginx proxy
+# While suitable for a simple installation, this file will likely require some modification
+# if you are running a more complex setup (e.g behind another proxy, or with HTTPS)
+
+server {
+
+    # Listen for connection on (internal) port 80
+    # If you are exposing this server to the internet, you should use HTTPS!
+    # In which case, you should also set up a redirect from HTTP to HTTPS, and listen on port 443
+    # See the Nginx documentation for more details
+    listen 80;
+
+    real_ip_header proxy_protocol;
+
+    location / {
+
+        proxy_set_header      Host              $http_host;
+        proxy_set_header      X-Forwarded-By    $server_addr:$server_port;
+        proxy_set_header      X-Forwarded-For   $remote_addr;
+        proxy_set_header      X-Forwarded-Proto $scheme;
+        proxy_set_header      X-Real-IP         $remote_addr;
+        proxy_set_header      CLIENT_IP         $remote_addr;
+
+        proxy_pass_request_headers on;
+
+        proxy_redirect off;
+
+        client_max_body_size 100M;
+
+        proxy_buffering off;
+        proxy_request_buffering off;
+
+        # Do not touch this unless you have a specific reason - this and the docker-compose need to match
+        proxy_pass http://inventree-server:8000;
+    }
+
+    # Redirect any requests for static files
+    location /static/ {
+        alias /var/www/static/;
+        autoindex on;
+
+        # Caching settings
+        expires 30d;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+    }
+
+    # Redirect any requests for media files
+    location /media/ {
+        alias /var/www/media/;
+
+        # Media files require user authentication
+        auth_request /auth;
+
+        # Content header to force download
+        add_header Content-disposition "attachment";
+    }
+
+    # Use the 'user' API endpoint for auth
+    location /auth {
+        internal;
+
+        proxy_pass http://inventree-server:8000/auth/;
+
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+        proxy_set_header X-Original-URI $request_uri;
+    }
+
+}
diff --git a/docs/docs/start/docker.md b/docs/docs/start/docker.md
index 4a3e3458d3..7180ef6c24 100644
--- a/docs/docs/start/docker.md
+++ b/docs/docs/start/docker.md
@@ -117,12 +117,15 @@ Runs an InvenTree web server instance, powered by a Gunicorn web server.
 
 Runs the InvenTree background worker process. This spins up a second instance of the *inventree* container, with a different entrypoint command.
 
-#### File Server
+#### Proxy Server
 
 Caddy working as a reverse proxy, separating requests for static and media files, and directing everything else to Gunicorn.
 
 This container uses the official [caddy image](https://hub.docker.com/_/caddy).
 
+!!! info "Nginx Proxy"
+    An alternative is to run nginx as the reverse proxy. A sample configuration file is provided in the `./contrib/container/` source directory.
+
 #### Redis Cache
 
 Redis is used as cache storage for the InvenTree server. This provides a more performant caching system which can useful in larger installations.