Use dedicated host port 2569 for hamkadr (avoids the 8090 conflict)
CI/CD / CI · dotnet build (push) Successful in 7m14s
CI/CD / Deploy · hamkadr (push) Successful in 8s

docker-compose.yml HOST_PORT default → 2569; nginx vhost proxy_pass → 127.0.0.1:2569; DEPLOY.md updated. Set HOST_PORT=2569 in the ENV_FILE secret.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
soroush.asadi
2026-06-04 04:58:27 +03:30
parent 3c08c1a265
commit f457e4b5ca
3 changed files with 7 additions and 7 deletions
+3 -3
@@ -7,7 +7,7 @@ TLS for `hamkadr.ir` and reverse-proxies to the app.
## Architecture & open ports ## Architecture & open ports
``` ```
Internet ──443/80──► nginx (host, existing) ──► 127.0.0.1:8090 ──► hamkadr_api (container :8080) Internet ──443/80──► nginx (host, existing) ──► 127.0.0.1:2569 ──► hamkadr_api (container :8080)
│ internal docker net │ internal docker net
hamkadr_db (postgres, no host port) hamkadr_db (postgres, no host port)
@@ -18,7 +18,7 @@ Internet ──443/80──► nginx (host, existing) ──► 127.0.0.1:8090
| 22 | ✅ (ideally IP-restricted) | SSH | | 22 | ✅ (ideally IP-restricted) | SSH |
| 80 | ✅ | HTTP → 443 redirect + Let's Encrypt ACME | | 80 | ✅ | HTTP → 443 redirect + Let's Encrypt ACME |
| 443 | ✅ | HTTPS `hamkadr.ir` | | 443 | ✅ | HTTPS `hamkadr.ir` |
| 8090 | ❌ host-localhost only | app, reached only by nginx | | 2569 | ❌ host-localhost only | app, reached only by nginx |
| 5432 | ❌ internal docker net only | Postgres — never published | | 5432 | ❌ internal docker net only | Postgres — never published |
`ufw` should be exactly: `allow 22, 80, 443`. Nothing else. (80/443 are already open since nginx `ufw` should be exactly: `allow 22, 80, 443`. Nothing else. (80/443 are already open since nginx
@@ -56,7 +56,7 @@ Set at `https://git.soroushasadi.com/soroushdes/hamkadr/settings/secrets` → ke
```dotenv ```dotenv
# host port nginx proxies to (must match deploy/nginx-hamkadr.ir.conf) # host port nginx proxies to (must match deploy/nginx-hamkadr.ir.conf)
HOST_PORT=8090 HOST_PORT=2569
# Postgres — generate a strong password: openssl rand -hex 24 # Postgres — generate a strong password: openssl rand -hex 24
POSTGRES_DB=hamkadr POSTGRES_DB=hamkadr
+3 -3
@@ -5,16 +5,16 @@
# sudo nginx -t && sudo systemctl reload nginx # sudo nginx -t && sudo systemctl reload nginx
# sudo certbot --nginx -d hamkadr.ir -d www.hamkadr.ir # adds the :443 server + HTTP→HTTPS redirect # sudo certbot --nginx -d hamkadr.ir -d www.hamkadr.ir # adds the :443 server + HTTP→HTTPS redirect
# #
# The port below MUST match HOST_PORT in the Gitea ENV_FILE secret (default 8090). # The port below MUST match HOST_PORT in the Gitea ENV_FILE secret (default 2569).
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name hamkadr.ir www.hamkadr.ir; server_name hamkadr.ir www.hamkadr.ir;
# The app binds 127.0.0.1:8090 (docker-compose.yml, service "api") — never exposed publicly. # The app binds 127.0.0.1:2569 (docker-compose.yml, service "api") — never exposed publicly.
location / { location / {
proxy_pass http://127.0.0.1:8090; proxy_pass http://127.0.0.1:2569;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
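Review bot: The upstream port is a literal in `proxy_pass http://127.0.0.1:2569;` while the docker-compose.yml section publishes `${HOST_PORT:-2569}`, and the HOST_PORT value in the ENV_FILE secret overrides that default, so three values have to be kept equal by hand. If the secret still holds `HOST_PORT=8090` (the commit description asks for it to be changed manually), the container would publish 8090 while nginx proxies to 2569; the deploy job would presumably still report success, since nothing visible here checks the path through nginx. I would extend the header comment with a verification step, for example `# after deploy: curl -fsS -o /dev/null http://127.0.0.1:2569/  # must answer before reloading nginx`. The comment should also state that a loopback bind is reachable by every local process on the host, not only by nginx. The `server` and `location /` blocks continue past the end of this hunk.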
+1 -1
@@ -17,7 +17,7 @@ services:
db: db:
condition: service_healthy condition: service_healthy
ports: ports:
- "127.0.0.1:${HOST_PORT:-8090}:8080" # localhost-only; nginx proxies hamkadr.ir → here - "127.0.0.1:${HOST_PORT:-2569}:8080" # localhost-only; nginx proxies hamkadr.ir → here
environment: environment:
ASPNETCORE_ENVIRONMENT: "Production" ASPNETCORE_ENVIRONMENT: "Production"
ASPNETCORE_URLS: "http://+:8080" ASPNETCORE_URLS: "http://+:8080"