digital-garden/notes/Настройки noteshare для Obsidian.md

---
tags:
  - зрелость/🌱
date: "2023-09-04"
linked:
---
Этот сервер позволяет

```yaml
noteshare-migrate:
    image: upagge/noteshare-migrations:latest
    networks:
      note-share:
    volumes:
      - ./noteshare/database:/database/
    environment:
      - DATABASE_URL=file:/database/db.sqlite

# Backend server for managing saved notes 
  noteshare-backend:
    image: upagge/noteshare-backend:latest
    restart: always
    hostname: noteshare-backend
    container_name: noteshare-backend
    networks:
      note-share:
    volumes:
      - ./noteshare/database:/database/
    environment:
      - DATABASE_URL=file:/database/db.sqlite
      - FRONTEND_URL=https://notes.struchkov.dev
      - CLEANUP_INTERVAL_SECONDS=600
      - NODE_ENV=production
      # Rate limit for uploading notes
      - POST_LIMIT_WINDOW_SECONDS=86400
      - POST_LIMIT=50
      # Rate limit for downloading notes
      - GET_LIMIT_WINDOW_SECONDS=60
      - GET_LIMIT=20
    depends_on:
      - noteshare-migrate

  noteshare-frontend:
    image: upagge/noteshare-frontend:latest
    restart: always
    hostname: noteshare-frontend
    container_name: noteshare-frontend
    networks:
      note-share:
    environment:
      - NODE_ENV=production
    depends_on:
      - noteshare-backend
```

```nginx
server {
    listen 80;
    listen [::]:80;

    server_name notes.struchkov.dev;

    location ~ /.well-known/acme-challenge {
            allow all;
            root /temp;
    }

    location / {
        return 301 https://notes.struchkov.dev$request_uri;
    }
}

#server {
#    server_name www.struchkov.dev;
#    return 301 $scheme://struchkov.dev$request_uri;
#}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name notes.struchkov.dev;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy "no-referrer";
    add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
    add_header X-Content-Type-Options "nosniff"; 
    add_header X-Frame-Options "sameorigin";
    add_header X-Xss-Protection "1; mode=block";
    proxy_hide_header X-Powered-By;

    ssl_certificate /etc/letsencrypt/live/struchkov.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/struchkov.dev/privkey.pem;
    ssl_buffer_size 4k;
    ssl_dhparam /etc/nginx/ssl/dhparam-notes.pem;
    ssl_protocols SSLv3 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_ecdh_curve secp384r1;

    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_session_cache shared:SSL:5m;
    ssl_session_timeout 24h;
    ssl_session_tickets off;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_connect_timeout                 90;
        proxy_send_timeout                    90;
        proxy_read_timeout                    90;

        proxy_cache nginxcash;
        proxy_cache_valid 1d;
        proxy_cache_valid 404 1h;
        proxy_cache_revalidate on;
        proxy_buffering on;
        proxy_cache_background_update on;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_cache_min_uses 2;

        client_body_buffer_size               128k;

        proxy_pass http://noteshare-frontend:3000;
    }

    location = /api/note {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_connect_timeout                 90;
        proxy_send_timeout                    90;
        proxy_read_timeout                    90;

        proxy_cache nginxcash;
        proxy_cache_valid 1d;
        proxy_cache_valid 404 1h;
        proxy_cache_revalidate on;
        proxy_buffering on;
        proxy_cache_background_update on;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_cache_min_uses 2;

        client_body_buffer_size               128k;

        limit_except GET POST DELETE {
            deny all;
        }

        proxy_pass http://noteshare-backend:8080/api/note;
    }

}
```