From daca3d306dde095ad39f7acc3efbc6d8195ea254 Mon Sep 17 00:00:00 2001
From: Dennis Postma
Date: Sat, 8 Feb 2025 05:01:00 +0100
Subject: [PATCH] SSL
---
 Dockerfile | 2 --
 docker-compose.yml | 20 ++++++++++++--
 docker/data/certbot/conf/.gitignore | 2 ++
 docker/data/certbot/www/.gitignore | 2 ++
 nginx.conf | 41 +++++++++++++++++++++++++++++
 5 files changed, 63 insertions(+), 4 deletions(-)
 create mode 100644 docker/data/certbot/conf/.gitignore
 create mode 100644 docker/data/certbot/www/.gitignore
 create mode 100644 nginx.conf
diff --git a/Dockerfile b/Dockerfile
index f673cbc..16767c9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,5 @@ RUN npm ci
 COPY . .
-EXPOSE 4000
-
 # Modify CMD to use tmux
 CMD npx mikro-orm-esm migration:up && npm run start
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 3782fe9..b423184 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,26 @@
 services:
+ nginx:
+ image: nginx:alpine
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./docker/data/certbot/conf:/etc/letsencrypt
+ - ./docker/data/certbot/www:/var/www/certbot
+ depends_on:
+ - app
+ networks:
+ - app-network
+ restart: unless-stopped
 app:
 build:
 context: .
 dockerfile: Dockerfile
- ports:
- - "${PORT}:${PORT}"
+# ports:
+# - "${PORT}:${PORT}"
+ expose:
+ - "${PORT}"
 environment:
 - ENV=${ENV}
 - HOST=${HOST}
diff --git a/docker/data/certbot/conf/.gitignore b/docker/data/certbot/conf/.gitignore
new file mode 100644
index 0000000..1287e9b
--- /dev/null
+++ b/docker/data/certbot/conf/.gitignore
@@ -0,0 +1,2 @@
+**
+!.gitignore
diff --git a/docker/data/certbot/www/.gitignore b/docker/data/certbot/www/.gitignore
new file mode 100644
index 0000000..1287e9b
--- /dev/null
+++ b/docker/data/certbot/www/.gitignore
@@ -0,0 +1,2 @@
+**
+!.gitignore
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..8ce9ffc
--- /dev/null
+++ b/nginx.conf
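Review bot: In the docker-compose.yml hunk, the two certbot bind mounts on the new `nginx` service are read-write, so the internet-facing proxy can alter or delete everything under `/etc/letsencrypt`, including the private key it serves; nginx only reads these paths, so mount them like the config file: `- ./docker/data/certbot/conf:/etc/letsencrypt:ro` and `- ./docker/data/certbot/www:/var/www/certbot:ro`. The same service mounts `nginx.conf` straight onto `/etc/nginx/nginx.conf` and defines no `environment:`, while that file uses `${PORT}` and `${HOST}`; nginx does not expand environment variables itself and the official image only runs envsubst over `/etc/nginx/templates/*.template`, so the placeholders will most likely reach nginx unexpanded and the config will not load. `image: nginx:alpine` is a floating tag; pinning a version or digest keeps the TLS terminator reproducible. The compose file continues past the hunk, so a certbot service that writes these directories may exist outside this view.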
@@ -0,0 +1,41 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+ upstream socketio_backend {
+ server app:${PORT};
+ }
+
+ server {
+ listen 80;
+ server_name ${HOST};
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ server_name ${HOST};
+
+ ssl_certificate /etc/letsencrypt/live/${HOST}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${HOST}/privkey.pem;
+
+ location / {
+ proxy_pass http://socketio_backend;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+}
\ No newline at end of file
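Review bot: Each `server` block is the only one on its port, so nginx treats it as the default for every Host header, and the client-supplied `$host` is then echoed into `return 301 https://$host$request_uri;` and forwarded upstream by `proxy_set_header Host $host;`. A catch-all default server that rejects unknown names (using `ssl_reject_handshake`, available from nginx 1.19.4) keeps only the configured name reachable. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever list the client sent, so at this edge proxy the header is better overwritten with `$remote_addr`; an app that trusts the first entry would otherwise see a forged client address. No `ssl_protocols` is set, so the accepted TLS versions depend on the defaults of whichever nginx build is deployed, and stating them explicitly makes the policy reviewable. The changed lines are sketched below.

```nginx
    # New catch-all ahead of the two named servers: any other Host/SNI is dropped.
    server {
        listen 80 default_server;
        listen 443 ssl default_server;
        server_name _;
        ssl_reject_handshake on;
        return 444;
    }

    # … unchanged: port-80 server, start of the 443 server, certificate paths …
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            # … unchanged: proxy_pass, Upgrade/Connection, Host, X-Real-IP …
            proxy_set_header X-Forwarded-For $remote_addr;
            # … unchanged: X-Forwarded-Proto …
```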