Guide

Repo: https://github.com/vramana/common-voice
Branch: auth0

NGINX

Add the following configuration to the NGINX config to proxy requests from the domain to the storage server.

  location /storage {
    proxy_pass http://localhost:8080/storage;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Proto $scheme;
  }

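Add the following settings to the NGINX config. Otherwise the session is treated as insecure and login will not work. This is caused by express-session, which only sets a secure session cookie when it sees the request as HTTPS; behind the proxy it learns that from X-Forwarded-Proto.

This only happens if CV_PROD is true.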

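    # In the server block: underscores_in_headers is only valid in http/server context.
    underscores_in_headers on;

    location / {   # path assumed; use the location block that proxies to the app
        # ....
        proxy_set_header X-Forwarded-Proto $scheme;
    }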

Confirm that the configuration is correct:

    sudo nginx -t

Once it's correct, reload NGINX:

    sudo systemctl reload nginx

Docker

Wrote separate bundler and web Dockerfiles, stripping all the work around restricted permissions from the original file. Also I wrote a different docker-compose file.

docker/Dockerfile.prod
bundler/Dockerfile.prod

compose-production.yaml

Commands

To start the application:

    docker compose -f compose-production.yaml up -d

To stop the application (pass the same compose file that was used to start it):

    docker compose -f compose-production.yaml down

MySQL credentials need to be removed from the docker-compose file and moved into the .env file.

Environment Variables

CV_ENVIRONMENT will be local since there is no Google Cloud Storage bucket.

CV_PROD will be true.

CV_SECRET has to be set to a random string. You can use openssl rand -hex 100 to generate it. This is used to encrypt and decrypt session data.

CV_STORAGE_EXTERNAL_URL: set this to the domain hosting the instance. This is needed to listen to and review clips. For example, if the instance is hosted at voice.swecha.org, the env var should be https://voice.swecha.org
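
A pre-deploy check for the settings above, as an added example that is not part of the original guide or the common-voice repository: it validates the four variables in .env and flags a compose file that still holds a literal MySQL password. The 64-character floor for CV_SECRET and the MYSQL_*PASSWORD variable names (those of the official mysql image) are assumptions.

```sh
#!/bin/sh
# Added example: pre-deploy checks for the settings in this guide.
# Thresholds and the MYSQL_*PASSWORD names are assumptions, not project code.

# Print KEY's value from a dotenv-style file (last assignment wins, one pair
# of surrounding double quotes stripped).
env_get() {  # env_get FILE KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print one line per problem; return the number of problems found.
check_env() {  # check_env ENV_FILE
  f=$1; bad=0
  fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

  [ "$(env_get "$f" CV_PROD)" = "true" ] || fail "CV_PROD must be true"
  [ "$(env_get "$f" CV_ENVIRONMENT)" = "local" ] || fail "CV_ENVIRONMENT must be local"

  secret=$(env_get "$f" CV_SECRET)
  # openssl rand -hex 100 yields 200 hex characters; 64 is an assumed floor.
  [ "${#secret}" -ge 64 ] || fail "CV_SECRET is missing or shorter than 64 characters"

  # The guide's example value is an https:// URL of the hosting domain.
  case $(env_get "$f" CV_STORAGE_EXTERNAL_URL) in
    https://?*) ;;
    *) fail "CV_STORAGE_EXTERNAL_URL must be an https:// URL" ;;
  esac
  return "$bad"
}

# Succeed (0) if the compose file still carries a literal MySQL password
# instead of a ${VAR} reference resolved from .env.
compose_has_inline_password() {  # compose_has_inline_password COMPOSE_FILE
  grep -Eq "MYSQL_[A-Z_]*PASSWORD[[:space:]]*[:=][[:space:]]*[\"']?[^\$\"'[:space:]]" "$1"
}
```

Run check_env .env and compose_has_inline_password compose-production.yaml before bringing the stack up; a non-zero result from the first or a zero result from the second means the deployment is not ready.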

Authentication

Create a GitLab OAuth Client ID and Client Secret.
Set the scopes to read_user, openid, profile, email.

The redirect URL will be https://{domain}/callback

Storage

GCS is used for storage, but a local Docker volume can be used as well via a fake GCS server.

Emails

The production build uses AWS SES. It would be simple to hook it up to an SMTP mailbox.

For now it sends email to a test email service.

Sentences

The Telugu language is not contributable by default.

The sentences table is empty. We need to add sentences.

Connect to the MySQL instance and run these SQL commands.

    -- Check the current settings for the Telugu locale
    SELECT *
    FROM locales
    WHERE name = 'te';

    -- Make Telugu contributable and set its sentence target
    UPDATE locales
    SET is_contributable = 1,
        target_sentence_count = 200
    WHERE name = 'te';

Run

    docker compose exec -it web bash

and then run

    node server/js/lib/model/db/import-sentences.js

I have also added this line

Content-Security-Policy

I have currently put the CSP header in report-only mode.
Probably this needs to be turned on.

Set Production URL

Update the production URL in web/src/urls.ts