iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/roadmap/prod-env/04-swag-nginx-configs.md
Murat ÖZDEMİR 67f4c10c93 docs(roadmap): update various roadmap docs to align with latest infrastructure setup 
- Synchronized swarm initialization, pipeline update, and certificate reloader instructions with the new monolithic stack logic and Ansible roles.
2026-06-15 16:48:04 +03:00

2.1 KiB
Raw Blame History

04 — SWAG Nginx Proxy Configs (Prod)

Context

Production uses the same SWAG template files as test, with production subdomain values and StorageBox-backed output directories. The current setup source is ../../setup/09-prod-runner-ha-and-swarm.md.

Required Environment Variables

The production env file is prod/secrets/iklim.co/.env on StorageBox.

API_SUBDOMAIN=api.iklim.co
APIGW_SUBDOMAIN=apigw.iklim.co
RABBITMQ_SUBDOMAIN=rabbitmq.iklim.co
GRAFANA_SUBDOMAIN=grafana.iklim.co
RESTRICTED_IPS="78.187.87.109/32,95.70.151.248/32"

SWAG_CERT_DIR=/mnt/storagebox/ssl
SWAG_DNS_CONFIG_DIR=/mnt/storagebox/swag/dns-conf
SWAG_SITE_CONFS_DIR=/mnt/storagebox/swag/site-confs
SWAG_PROXY_CONFS_DIR=/mnt/storagebox/swag/proxy-confs

Template Files

The shared templates live under root template/swag/:

  • template/swag/dns-conf/godaddy.ini.tpl
  • template/swag/site-confs/default.conf
  • template/swag/site-confs/api.conf.tpl
  • template/swag/site-confs/apigw.conf.tpl
  • template/swag/site-confs/rabbitmq.conf.tpl
  • template/swag/site-confs/grafana.conf.tpl

Deploy Behavior

The production workflow renders:

  • GoDaddy DNS credentials into $SWAG_DNS_CONFIG_DIR/godaddy.ini.
  • SWAG site configs into $SWAG_SITE_CONFS_DIR.
  • Optional proxy configs into $SWAG_PROXY_CONFS_DIR when templates exist.

Because StorageBox is mounted on the service nodes, files rendered by the runner are visible to SWAG regardless of which service node runs the container.

Verification

cat /mnt/storagebox/swag/site-confs/api.conf | grep server_name
docker exec $(docker ps -q -f name=iklimco_swag | head -1) nginx -t
curl -si https://api.iklim.co/health

Expected:

  • server_name api.iklim.co;
  • Nginx config syntax is valid.
  • Public API returns an APISIX response with a valid *.iklim.co certificate.

Historical / Superseded by Setup

The previous SWAG_CONFIG_DIR=/mnt/storagebox/swag/config and .env.prod references are superseded. Use the split SWAG_DNS_CONFIG_DIR, SWAG_SITE_CONFS_DIR, and SWAG_PROXY_CONFS_DIR variables from the current setup.