Readme update and fixed Nginx CORS issues

2025-05-11 19:23:56 -07:00 · 2025-05-11 19:23:56 -07:00 · cbae1d1a95
commit cbae1d1a95
parent d1e725212d
3 changed files with 133 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -112,7 +112,7 @@ relays:

 ### Set up a Bot

-1. Navigate to the web interface at `http://localhost:8765`
+1. Navigate to the web interface at `http://localhost:8765` (or your configured domain)
 2. Log in with your Nostr extension (NIP-07)
 3. Create a new bot by providing a name and optional keypair
 4. Configure the posting schedule, media upload service, and relays
@ -123,6 +123,118 @@ relays:

 You can also trigger a post manually through the web interface

+## Production Deployment
+
+### Nginx Configuration
+
+To serve Nostr Poster behind an Nginx reverse proxy with HTTPS, use the following configuration:
+
+```nginx
+server {
+    listen 80;
+    server_name your-domain.com;
+
+    # Redirect HTTP to HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name your-domain.com;
+
+    # SSL configuration
+    ssl_certificate /path/to/your/fullchain.pem;
+    ssl_certificate_key /path/to/your/privkey.pem;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options SAMEORIGIN;
+
+    # Proxy settings
+    location / {
+        proxy_pass http://localhost:8765;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket support (for Nostr connections)
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Timeout settings for long-lived connections
+        proxy_read_timeout 86400;
+        proxy_send_timeout 86400;
+    }
+}
+```
+
+Make sure to replace `your-domain.com` with your actual domain name and update the SSL certificate paths accordingly.
+
+### Systemd Service
+
+To run Nostr Poster as a system service that starts automatically on boot, create a systemd service file:
+
+1. Create a systemd service file:
+
+```bash
+sudo nano /etc/systemd/system/nostr-poster.service
+```
+
+2. Add the following content:
+
+```ini
+[Unit]
+Description=Nostr Poster Bot Service
+After=network.target
+
+[Service]
+Type=simple
+User=nostr
+WorkingDirectory=/path/to/nostr-poster
+ExecStart=/path/to/nostr-poster/build/bin/nostr-poster
+Restart=on-failure
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+Environment=GIN_MODE=release
+
+# Hardening measures
+PrivateTmp=true
+ProtectSystem=full
+NoNewPrivileges=true
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Replace `/path/to/nostr-poster` with the actual path to your installation, and `nostr` with the user you want to run the service as.
+
+3. Enable and start the service:
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl enable nostr-poster
+sudo systemctl start nostr-poster
+```
+
+4. Check the status of the service:
+
+```bash
+sudo systemctl status nostr-poster
+```
+
+5. View logs:
+
+```bash
+sudo journalctl -u nostr-poster -f
+```
+
 ## NIPs Supported

 - NIP-01: Basic protocol flow
--- a/internal/api/routes.go
+++ b/internal/api/routes.go
@ -44,7 +44,22 @@ func NewAPI(
    globalRelayService *GlobalRelayService, // Changed from colon to comma
 ) *API {
    router := gin.Default()
-    
+
+    // Add CORS middleware
+    router.Use(func(c *gin.Context) {
+        c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+        c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+        c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Authorization, Content-Type")
+
+        // Handle preflight requests
+        if c.Request.Method == "OPTIONS" {
+            c.AbortWithStatus(http.StatusOK)
+            return
+        }
+
+        c.Next()
+    })
+
    api := &API{
        router:            router,
        logger:            logger,
@ -53,10 +68,10 @@ func NewAPI(
        scheduler:         scheduler,
        globalRelayService: globalRelayService, // Added this missing field
    }
-    
+
    // Set up routes
    api.setupRoutes()
-    
+
    return api
 }

--- a/web/assets/js/main.js
+++ b/web/assets/js/main.js
@ -87,7 +87,8 @@ document.addEventListener('DOMContentLoaded', () => {
     * Global State
     * -------------------------------------------------- */
    let currentUser = null;
-    const API_ENDPOINT = 'http://localhost:8765'; // <--- If your server is at http://localhost:8765, then use that. Example: 'http://localhost:8765'
+    // Define API_ENDPOINT using relative URLs to fix CORS issues when running behind a proxy
+    const API_ENDPOINT = '';

    /* ----------------------------------------------------
     * On page load, check if already logged in