CREATE USER remnawave WITH PASSWORD '3ff167e6c519c2bf1157c022711d48321863d04228604baf';
CREATE DATABASE remnawave OWNER remnawave;
GRANT ALL PRIVILEGES ON DATABASE remnawave TO remnawave;
GRANT USAGE ON schema public TO remnawave;
GRANT ALL PRIVILEGES ON all tables in schema public to remnawave;
GRANT ALL PRIVILEGES ON all sequences in schema public to remnawave;
grant select,insert,update,delete on all tables in schema public to remnawave;
grant all on schema public to remnawave;

sed -i "s/^JWT_AUTH_SECRET=.*/JWT_AUTH_SECRET=$(openssl rand -hex 64)/" .env && sed -i "s/^JWT_API_TOKENS_SECRET=.*/JWT_API_TOKENS_SECRET=$(openssl rand -hex 64)/" .env
 
sed -i "s/^METRICS_PASS=.*/METRICS_PASS=$(openssl rand -hex 64)/" .env && sed -i "s/^WEBHOOK_SECRET_HEADER=.*/WEBHOOK_SECRET_HEADER=$(openssl rand -hex 64)/" .env

### DATABASE ###
# postgresql://用户名:密码@数据库名?host=/dev/shm
DATABASE_URL="postgresql://remnawave:3ff167e6c519c2bf1157c022711d48321863d04228604baf@remnawave?host=/dev/shm"
 
### REDIS ###
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
REDIS_DB=5 # Redis 数据库序号，防止与其他项目混用数据库

  ervices:
  remnawave:
    image: remnawave/backend:2
    container_name: 'remnawave'
    hostname: remnawave
    restart: always
    network_mode: host
    env_file:
      - .env
    volumes:
      - /dev/shm:/dev/shm:rw

docker compose up -d && docker compose logs -f -t

 upstream remnawave {
    server remnawave:3000;
}
 
server {
    server_name REPLACE_WITH_YOUR_DOMAIN;
 
    listen 443 ssl reuseport;
    listen [::]:443 ssl reuseport;
    http2 on;
 
    location / {
        proxy_http_version 1.1;
        proxy_pass http://remnawave;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 
    # SSL Configuration (Mozilla Intermediate Guidelines)
    ssl_protocols          TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets    off;
    ssl_certificate "/etc/nginx/ssl/fullchain.pem";
    ssl_certificate_key "/etc/nginx/ssl/privkey.key";
    ssl_trusted_certificate "/etc/nginx/ssl/fullchain.pem";
 
    ssl_stapling           on;
    ssl_stapling_verify    on;
    resolver               1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout       2s;
 
    # Gzip Compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;
}
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
 
    ssl_reject_handshake on;
}