Caddyfile deployment improvements

2025-10-21 14:01:57 -04:00 · 2025-10-21 14:01:57 -04:00 · a8a6390a55
parent 8a790043f8
commit a8a6390a55
3 changed files with 360 additions and 13 deletions
--- a/113
+++ b/113
@ -0,0 +1,113 @@
 # VidRip Caddyfile
 # This configuration serves the frontend and proxies API requests to the backend
 #
 # NOTE: This file will be auto-generated by start-production.sh if it doesn't exist.
 #       The script will prompt you for your domain name.
 #
 # Manual Usage:
 #   1. Install Caddy: https://caddyserver.com/docs/install
 #   2. Update 'your-domain.com' below with your actual domain
 #   3. Run: caddy run (for testing) or caddy start (background)
 #   4. Or use systemd service (see DEPLOYMENT.md)
 #
 # Features:
 #   - Automatic HTTPS with Let's Encrypt
 #   - Reverse proxy to backend API
 #   - Static file serving for frontend
 #   - Compression enabled
 #   - Security headers
 # Replace with your domain or use :80 for localhost
 your-domain.com {
    # Enable compression
    encode gzip zstd
    # Security headers
    header {
        # Enable HSTS (forces HTTPS)
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        # Prevent clickjacking
        X-Frame-Options "SAMEORIGIN"
        # Prevent MIME type sniffing
        X-Content-Type-Options "nosniff"
        # Enable XSS protection
        X-XSS-Protection "1; mode=block"
        # Referrer policy
        Referrer-Policy "strict-origin-when-cross-origin"
        # Remove server header for security
        -Server
    }
    # API routes - proxy to backend
    handle /api/* {
        reverse_proxy localhost:3001 {
            # Health check
            health_uri /api/health
            health_interval 10s
            health_timeout 5s
            # Headers
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
    # Serve frontend static files
    handle {
        # Root directory is the frontend build output
        root * /var/www/vidrip
        # Try files first, fall back to index.html for SPA routing
        try_files {path} /index.html
        # Serve files
        file_server
        # Cache static assets
        @static {
            path *.js *.css *.woff *.woff2 *.ttf *.eot *.ico *.png *.jpg *.jpeg *.gif *.svg *.webp
        }
        header @static {
            Cache-Control "public, max-age=31536000, immutable"
        }
        # Don't cache index.html
        @html {
            path *.html
        }
        header @html {
            Cache-Control "no-cache, no-store, must-revalidate"
        }
    }
    # Logging
    log {
        output file /var/log/caddy/vidrip-access.log {
            roll_size 100mb
            roll_keep 10
        }
        format json
    }
 }
 # Alternative configuration for local development/testing without a domain
 # Uncomment this and comment out the domain configuration above
 # :80 {
 #     encode gzip zstd
 #
 #     handle /api/* {
 #         reverse_proxy localhost:3001
 #     }
 #
 #     handle {
 #         root * /var/www/vidrip
 #         try_files {path} /index.html
 #         file_server
 #     }
 #
 #     log {
 #         output stdout
 #     }
 # }
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@ -13,6 +13,9 @@ chmod +x start-production.sh stop-production.sh
 # Start the service
 ./start-production.sh
 # When prompted, enter your domain name (e.g., vidrip.example.com)
 # Or press Enter to skip Caddyfile generation
 # Stop the service
 ./stop-production.sh
 ```
@ -21,8 +24,11 @@ The `start-production.sh` script will:
 - Check system requirements (Node.js 18+, yt-dlp)
 - Install dependencies
 - Build backend and frontend
 - **Ask for your domain and auto-generate Caddyfile** (if not exists)
 - Deploy frontend to `/var/www/vidrip`
 - Start the backend server in the background
 - Create log files in `logs/` directory
 - Show next steps for Caddy installation
 ## Production Deployment (Recommended)
@ -106,7 +112,63 @@ sudo systemctl start vidrip
 sudo systemctl status vidrip
 ```
-### 6. Setup Nginx Reverse Proxy
+### 6. Setup Web Server (Reverse Proxy)
 Choose one of the following options:
 #### Option A: Caddy (Recommended - Easiest with automatic HTTPS)
 **Install Caddy:**
 ```bash
 # Ubuntu/Debian
 sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
 sudo apt update
 sudo apt install caddy
 ```
 **Configure Caddyfile:**
 If you ran `start-production.sh` and entered your domain, a Caddyfile was auto-generated for you!
 Otherwise, edit the included template:
 ```bash
 # Edit Caddyfile
 nano Caddyfile
 # Change line 21:
 # FROM: your-domain.com {
 # TO:   yourdomain.com {
 ```
 **Deploy Caddyfile:**
 ```bash
 # Copy to standard location
 sudo cp Caddyfile /etc/caddy/Caddyfile
 # Validate configuration
 sudo caddy validate --config /etc/caddy/Caddyfile
 # Enable and start Caddy
 sudo systemctl enable caddy
 sudo systemctl start caddy
 # Check status
 sudo systemctl status caddy
 ```
 Caddy will automatically obtain and renew SSL certificates from Let's Encrypt!
 **View logs:**
 ```bash
 sudo journalctl -u caddy -f
 ```
 #### Option B: Nginx
 Create `/etc/nginx/sites-available/vidrip`:
@ -117,7 +179,7 @@ server {
    # Serve frontend static files
    location / {
-        root /var/www/vidrip/frontend/dist;
+        root /var/www/vidrip;
        try_files $uri $uri/ /index.html;
    }
@ -134,11 +196,8 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
    }
-    # Serve downloaded video files
+    # Note: Video files are now served via /api/videos/:id/stream
-    location /downloads/ {
+    # This handles both local and WebDAV storage automatically
        alias /var/www/vidrip/backend/downloads/;
        add_header Content-Type video/mp4;
    }
    # Increase upload size if needed
    client_max_body_size 100M;
@ -153,13 +212,15 @@ sudo nginx -t
 sudo systemctl reload nginx
 ```
-### 7. Setup SSL with Let's Encrypt (Recommended)
+**Setup SSL with Let's Encrypt:**
 ```bash
 sudo apt-get install certbot python3-certbot-nginx
 sudo certbot --nginx -d your-domain.com
 ```
 Note: If using Caddy, SSL is automatic - skip this step!
 ## Systemd Service Management
 ```bash
--- a/start-production.sh
+++ b/start-production.sh
@ -29,6 +29,7 @@ LOG_DIR="$SCRIPT_DIR/logs"
 PID_FILE="$SCRIPT_DIR/vidrip.pid"
 LOG_FILE="$LOG_DIR/vidrip.log"
 ERROR_LOG_FILE="$LOG_DIR/vidrip-error.log"
 WEB_ROOT="/var/www/vidrip"
 ################################################################################
 # Helper Functions
@ -191,6 +192,143 @@ log_success "Frontend built successfully"
 cd "$SCRIPT_DIR"
 echo ""
 ################################################################################
 # Generate Caddyfile (if needed)
 ################################################################################
 if [ ! -f "$SCRIPT_DIR/Caddyfile" ]; then
    log_info "Caddyfile not found. Let's create one!"
    echo ""
    # Ask for domain
    read -p "Enter your domain name (or press Enter to skip): " DOMAIN_INPUT
    if [ -n "$DOMAIN_INPUT" ]; then
        log_info "Generating Caddyfile for domain: $DOMAIN_INPUT"
        cat > "$SCRIPT_DIR/Caddyfile" << EOF
 # VidRip Caddyfile
 # Auto-generated configuration for ${DOMAIN_INPUT}
 ${DOMAIN_INPUT} {
    # Enable compression
    encode gzip zstd
    # Security headers
    header {
        # Enable HSTS (forces HTTPS)
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        # Prevent clickjacking
        X-Frame-Options "SAMEORIGIN"
        # Prevent MIME type sniffing
        X-Content-Type-Options "nosniff"
        # Enable XSS protection
        X-XSS-Protection "1; mode=block"
        # Referrer policy
        Referrer-Policy "strict-origin-when-cross-origin"
        # Remove server header for security
        -Server
    }
    # API routes - proxy to backend
    handle /api/* {
        reverse_proxy localhost:3001 {
            # Health check
            health_uri /api/health
            health_interval 10s
            health_timeout 5s
            # Headers
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
    # Serve frontend static files
    handle {
        # Root directory is the frontend build output
        root * ${WEB_ROOT}
        # Try files first, fall back to index.html for SPA routing
        try_files {path} /index.html
        # Serve files
        file_server
        # Cache static assets
        @static {
            path *.js *.css *.woff *.woff2 *.ttf *.eot *.ico *.png *.jpg *.jpeg *.gif *.svg *.webp
        }
        header @static {
            Cache-Control "public, max-age=31536000, immutable"
        }
        # Don't cache index.html
        @html {
            path *.html
        }
        header @html {
            Cache-Control "no-cache, no-store, must-revalidate"
        }
    }
    # Logging
    log {
        output file /var/log/caddy/vidrip-access.log {
            roll_size 100mb
            roll_keep 10
        }
        format json
    }
 }
 EOF
        log_success "Caddyfile created successfully!"
        log_info "You can edit it later at: $SCRIPT_DIR/Caddyfile"
    else
        log_info "Skipping Caddyfile generation"
        log_info "You can create it manually later or use nginx/Apache"
    fi
    echo ""
 else
    log_info "Caddyfile already exists, skipping generation"
    echo ""
 fi
 ################################################################################
 # Deploy Frontend to Web Root
 ################################################################################
 log_info "Deploying frontend to web root..."
 # Check if we have permissions to write to /var/www
 if [ -w "/var/www" ]; then
    # Create web root directory
    sudo mkdir -p "$WEB_ROOT"
    # Copy frontend build to web root
    log_info "Copying frontend build to $WEB_ROOT..."
    sudo rm -rf "$WEB_ROOT"/*
    sudo cp -r "$FRONTEND_DIR/dist/"* "$WEB_ROOT/"
    # Set proper permissions
    sudo chown -R www-data:www-data "$WEB_ROOT" 2>/dev/null || sudo chown -R $USER:$USER "$WEB_ROOT"
    sudo chmod -R 755 "$WEB_ROOT"
    log_success "Frontend deployed to $WEB_ROOT"
 else
    log_warning "No write permission to /var/www"
    log_warning "Run with sudo to deploy frontend, or manually copy:"
    log_warning "  sudo mkdir -p $WEB_ROOT"
    log_warning "  sudo cp -r $FRONTEND_DIR/dist/* $WEB_ROOT/"
    log_warning "  sudo chown -R www-data:www-data $WEB_ROOT"
    log_warning "  sudo chmod -R 755 $WEB_ROOT"
 fi
 echo ""
 ################################################################################
 # Start Backend Server
 ################################################################################
@ -243,7 +381,14 @@ log_info "==================================================================="
 log_info "VidRip is now running in production mode"
 log_info "==================================================================="
 echo ""
-log_info "To stop the service:"
+log_info "Backend Server:"
 log_info "  Running on port 3001 (or PORT from .env)"
 log_info "  PID: $SERVER_PID"
 echo ""
 log_info "Frontend:"
 log_info "  Deployed to: $WEB_ROOT"
 echo ""
 log_info "To stop the backend service:"
 log_info "  ./stop-production.sh"
 echo ""
 log_info "To view logs:"
@ -252,10 +397,38 @@ echo ""
 log_info "To view errors:"
 log_info "  tail -f $ERROR_LOG_FILE"
 echo ""
-log_warning "IMPORTANT: In production, you'll need to:"
+if [ -f "$SCRIPT_DIR/Caddyfile" ]; then
-log_warning "  1. Serve the frontend build (frontend/dist) via nginx/Apache"
+    log_warning "NEXT STEPS - Caddy Setup:"
-log_warning "  2. Setup reverse proxy from frontend to backend API"
+    log_warning "  1. Install Caddy: https://caddyserver.com/docs/install"
-log_warning "  3. Configure proper firewall rules"
+    log_warning "     Quick install (Ubuntu/Debian):"
    log_warning "       sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https"
    log_warning "       curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg"
    log_warning "       curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list"
    log_warning "       sudo apt update && sudo apt install caddy"
    echo ""
    log_warning "  2. Copy Caddyfile to Caddy config directory:"
    log_warning "       sudo cp $SCRIPT_DIR/Caddyfile /etc/caddy/Caddyfile"
    echo ""
    log_warning "  3. Start Caddy:"
    log_warning "       sudo systemctl enable caddy"
    log_warning "       sudo systemctl start caddy"
    echo ""
    log_warning "  4. Configure firewall to allow ports 80/443:"
    log_warning "       sudo ufw allow 80/tcp"
    log_warning "       sudo ufw allow 443/tcp"
    echo ""
    log_success "Caddy will automatically obtain SSL certificates from Let's Encrypt!"
 else
    log_warning "NEXT STEPS:"
    log_warning "  1. Install Caddy: https://caddyserver.com/docs/install"
    log_warning "  2. Edit Caddyfile and replace 'your-domain.com' with your domain"
    log_warning "  3. Start Caddy: sudo caddy start"
    log_warning "     (or for testing: caddy run)"
    log_warning "  4. Configure firewall to allow ports 80/443"
 fi
 echo ""
 log_info "Alternative web servers:"
 log_info "  - See DEPLOYMENT.md for nginx/Apache configurations"
 echo ""
 # Register cleanup on script exit