From 296651cb67da70a378466b9f23736637aa978124 Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Fri, 27 Jan 2023 12:44:49 -0600 Subject: [PATCH 1/6] use nginx for ssl & reverse proxy --- .env.defaults | 1 + README.md | 7 ++++++- docker-compose.yml | 26 +++++++++++++++----------- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.env.defaults b/.env.defaults index d0db5b7..e6d3078 100644 --- a/.env.defaults +++ b/.env.defaults @@ -1,2 +1,3 @@ DB_NAME=guppe NODE_ENV=production +PORT_HTTPS=8085 diff --git a/README.md b/README.md index 7bd6c04..51fa972 100644 --- a/README.md +++ b/README.md @@ -39,8 +39,13 @@ Guppe uses Docker Swarm for easy load balancing Web server replicas git clone https://github.com/wmurphyrd/guppe.git cd guppe cp .env.defaults .env -echo DOMAIN=yourdomain.com >> .env +export DOMAIN=yourdomain.com +echo DOMAIN=$DOMAIN >> .env +echo ALLOWED_DOMAINS=$DOMAIN >> .env +echo SITES='"'$DOMAIN=guppe:8085'"' >> .env docker swarm init --advertise-addr 127.0.0.1 +# all on one node for simple setup or split these onto different nodes for a distributed swarm +docker node update --label-add web=true --label-add database=true --label-add delivery=true $(hostname) docker stack deploy --compose-file docker-compose.yml guppe ``` diff --git a/docker-compose.yml b/docker-compose.yml index 7afd575..e363eb7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,22 +1,28 @@ version: "3.8" services: + proxy: + image: valian/docker-nginx-auto-ssl + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - ssl_data:/etc/resty-auto-ssl + env_file: '.env' guppe: image: datatitian/guppe deploy: mode: replicated - replicas: 8 + replicas: 4 placement: constraints: - - "node.labels.type==web" + - "node.labels.web==true" restart: always - ports: - - 443:443 - - 80:80 env_file: '.env' environment: DB_URL: 'mongodb://mongodb:27017' - PORT_HTTPS: 443 + PROXY_MODE: 1 depends_on: - mongodb volumes: 
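Review bot: The new `proxy` service in the first docker-compose.yml hunk pulls `valian/docker-nginx-auto-ssl` with no tag or digest, so each node that schedules it runs whatever the registry serves at pull time. This container terminates TLS and keeps the certificate private keys under `ssl_data`, so it is the image most worth pinning, e.g. `image: valian/docker-nginx-auto-ssl:<TAG>@sha256:<DIGEST>` (placeholders; use the release you tested). The same hunk gives the proxy the whole `.env` through `env_file`, so a third-party image sees every variable the app uses. Passing only what the proxy reads under `environment:` would be narrower; judging by the README, that is `ALLOWED_DOMAINS` and `SITES`. The `services:` mapping continues outside the hunk.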
@@ -34,17 +40,15 @@ services: retries: 3 start_period: 30s - - worker1: image: datatitian/guppe command: [ "node", "deliveryWorker.js" ] deploy: mode: replicated - replicas: 50 + replicas: 25 placement: constraints: - - "node.labels.type==web" + - "node.labels.delivery==true" restart: always env_file: '.env' environment: @@ -63,7 +67,7 @@ services: replicas: 1 placement: constraints: - - "node.labels.type==database" + - "node.labels.database==true" restart: always volumes: - mongo-data:/data/db From a7f8d8daf49ac8d44e5c003aca511bef57c0fd75 Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Fri, 27 Jan 2023 12:48:29 -0600 Subject: [PATCH 2/6] udpate volumes --- docker-compose.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index e363eb7..5c415b2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,10 +25,6 @@ services: PROXY_MODE: 1 depends_on: - mongodb - volumes: - - certs:/root/.small-tech.org/auto-encrypt - # localdev certs - - ./certs:/usr/src/guppe/certs logging: driver: local options: @@ -78,4 +74,4 @@ services: volumes: mongo-data: - certs: + ssl_data: From 2874433cf1b812fa742c1672262b618ae57be555 Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Fri, 27 Jan 2023 12:50:47 -0600 Subject: [PATCH 3/6] placement for nginx --- docker-compose.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 5c415b2..1d43120 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,6 +3,10 @@ version: "3.8" services: proxy: image: valian/docker-nginx-auto-ssl + deploy: + placement: + constraints: + - "node.labels.web==true" restart: always ports: - 80:80 From d9f56fb85a4a512016ec484c2e5b04106d6cba5e Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Fri, 27 Jan 2023 13:31:59 -0600 Subject: [PATCH 4/6] a few more tweaks to get it working --- README.md | 2 +- docker-compose.yml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) 
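Review bot: The placement constraint added to `proxy` in [PATCH 3/6] lets the task run on any node labelled `web=true`, but `ssl_data` is declared in [PATCH 2/6] with no driver, so it is presumably a node-local volume. If more than one node carries the label, a rescheduled proxy would start with an empty `/etc/resty-auto-ssl` and request certificates again, which can hit the CA's issuance rate limits. The single-node setup in the README is not affected. A dedicated label such as `- "node.labels.proxy==true"` would fix this, as would a comment above the constraint such as `# keep on one node: ssl_data is node-local`.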
diff --git a/README.md b/README.md index 51fa972..653e91b 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ cp .env.defaults .env export DOMAIN=yourdomain.com echo DOMAIN=$DOMAIN >> .env echo ALLOWED_DOMAINS=$DOMAIN >> .env -echo SITES='"'$DOMAIN=guppe:8085'"' >> .env +echo SITES=$DOMAIN=guppe:8085 >> .env docker swarm init --advertise-addr 127.0.0.1 # all on one node for simple setup or split these onto different nodes for a distributed swarm docker node update --label-add web=true --label-add database=true --label-add delivery=true $(hostname) diff --git a/docker-compose.yml b/docker-compose.yml index 1d43120..adb96ee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,8 @@ services: - 443:443 volumes: - ssl_data:/etc/resty-auto-ssl + depends_on: + - guppe env_file: '.env' guppe: image: datatitian/guppe @@ -34,7 +36,7 @@ services: options: max-size: '10m' healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8085"] interval: 1m30s timeout: 10s retries: 3 From 0efb2eef4308700b533be48ed509bd09377b1cf8 Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Fri, 27 Jan 2023 13:36:25 -0600 Subject: [PATCH 5/6] update changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fe01b35..b63c022 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## Unreleased + +* Change production swarm setup to use nginx for ssl-terminating reverse proxy due to renewal issues with @small-tech/auto-encrypt in in swarm mode +* Update activitypub-express to fix [a spec compliance issue](https://github.com/immers-space/activitypub-express/pull/83) + ## v1.2.0 (2022-05-15) * Fix: show correct domain name in guppe instructions on homepage From ebf5fb43ef8e7f0d436b1b211b762920ddc9362d Mon Sep 17 00:00:00 2001 
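Review bot: The `depends_on: - guppe` added to `proxy` in the first docker-compose.yml hunk has no effect under `docker stack deploy`, which is how the README deploys this file, because swarm mode ignores `depends_on`. The service-level `restart: always` lines seen on these services in the earlier patches are ignored in the same way. Restart behaviour in a stack belongs under `deploy:` as `restart_policy:` with `condition: any`. If the key is kept for local `docker compose up`, a comment such as `# ignored by docker stack deploy` above it would stop readers relying on it for start ordering.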
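Review bot: The healthcheck `test` line in the second docker-compose.yml hunk hard-codes `8085`, the same value as `PORT_HTTPS` in `.env.defaults` and the `guppe:8085` upstream in the README's `SITES` line. Assuming the app listens on `PORT_HTTPS`, changing the port in `.env` alone would leave the container reporting unhealthy and the proxy pointing at a closed port. A comment above the test, `# must match PORT_HTTPS in .env and the SITES upstream`, would document the coupling. If the image has a shell, `test: ["CMD-SHELL", "curl -f http://localhost:$$PORT_HTTPS"]` would read the value from the container environment instead. The `healthcheck:` block ends outside the hunk.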
From: Will Murphy Date: Fri, 27 Jan 2023 13:38:00 -0600 Subject: [PATCH 6/6] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b63c022..d742e82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ## Unreleased * Change production swarm setup to use nginx for ssl-terminating reverse proxy due to renewal issues with @small-tech/auto-encrypt in in swarm mode +* Change swarm node labeling scheme to allow consolidation of all services on one machine * Update activitypub-express to fix [a spec compliance issue](https://github.com/immers-space/activitypub-express/pull/83) ## v1.2.0 (2022-05-15)