From a3884130cf4df454a900700d113b532ee1dbfafb Mon Sep 17 00:00:00 2001
From: amr
Date: Wed, 13 Apr 2022 20:01:44 +0200
Subject: [PATCH 1/2] add ssl support

---
 .gitignore | 2 ++
 Dockerfile | 2 ++
 certs/ssl/tempate.private.key | 0
 certs/ssl/template.bundle.crt | 0
 nginx.conf | 6 ++++--
 5 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 certs/ssl/tempate.private.key
 create mode 100644 certs/ssl/template.bundle.crt

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f08585a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+certs/ssl/bundle.crt
+certs/ssl/private.key
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 01bad77..784c866 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,2 +1,4 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
+COPY certs/ssl/bundle.crt /etc/nginx/certs/ssl/bundle.crt
+COPY certs/ssl/private.key /etc/nginx/certs/ssl/private.key
\ No newline at end of file
diff --git a/certs/ssl/tempate.private.key b/certs/ssl/tempate.private.key
new file mode 100644
index 0000000..e69de29
diff --git a/certs/ssl/template.bundle.crt b/certs/ssl/template.bundle.crt
new file mode 100644
index 0000000..e69de29
diff --git a/nginx.conf b/nginx.conf
index 5fedfe4..c77766d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,8 +1,10 @@
 events {}
 http {
 server {
- listen 80 default backlog=16384;
- listen [::]:80 default backlog=16384;
+ listen 443 ssl default backlog=16384;
+ listen [::]:443 ssl default backlog=16384;
+ ssl_certificate certs/ssl/bundle.crt;
+ ssl_certificate_key certs/ssl/private.key;
 location /lib.min.js {
 proxy_set_header X-Real-IP $http_x_forwarded_for;

From fc7c665b4fda977b75ddd53c4606d29341b05465 Mon Sep 17 00:00:00 2001
From: amr
Date: Thu, 14 Apr 2022 02:40:52 +0200
Subject: [PATCH 2/2] enforce https on incomg http requests

---
 nginx.conf | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
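Review bot: The second added COPY line bakes the private key into an image layer at `/etc/nginx/certs/ssl/private.key`, so anyone able to pull the image or read the build cache obtains the key, and rotating it means rebuilding and redistributing the image; the new .gitignore entries keep the key out of git but not out of the artifact. Prefer providing the key at run time (a bind-mounted or secret-backed file at the same path) and keep the COPY for the certificate bundle only. Because bundle.crt and private.key are ignored, a fresh clone fails at these COPY lines, and the committed placeholders are named `template.bundle.crt` and `tempate.private.key` (note the typo), which the Dockerfile never references; a comment above the COPY lines such as `# bundle.crt and private.key are git-ignored; supply them before building (see certs/ssl/template.*)` would make the expected workflow explicit.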
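Review bot: The new `listen 443 ssl` configuration sets a certificate and key but no `ssl_protocols` or `ssl_ciphers`, so whatever the unpinned `nginx` base image was built with applies; on releases before 1.23.4 the compiled default still enables TLSv1 and TLSv1.1. Add `ssl_protocols TLSv1.2 TLSv1.3;` (and a current `ssl_ciphers` list if older clients must be supported) next to the added `ssl_certificate_key` line. The relative paths `certs/ssl/bundle.crt` and `certs/ssl/private.key` resolve against the nginx prefix, which in the official image is `/etc/nginx` and so matches the Dockerfile COPY targets; a one-line comment noting that the two files must stay in sync would help the next editor. The rest of the server block lies outside the hunk.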
diff --git a/nginx.conf b/nginx.conf
index c77766d..18b86f1 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,11 +1,18 @@
 events {}
 http {
 server {
- listen 443 ssl default backlog=16384;
- listen [::]:443 ssl default backlog=16384;
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl default_server backlog=16384;
+ listen [::]:443 ssl default_server backlog=16384;
+
 ssl_certificate certs/ssl/bundle.crt;
 ssl_certificate_key certs/ssl/private.key;
+
+ if ($scheme = http) {
+ return 301 https://$server_name$request_uri;
+ }
+
 location /lib.min.js {
 proxy_set_header X-Real-IP $http_x_forwarded_for;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
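Review bot: `$server_name` in the added `return 301` line expands to the `server_name` directive of the matching server block, and none is declared in the visible part of this block, so the redirect target becomes `https:///…` with an empty host. Either declare the canonical name (`server_name <canonical-host>;`) and keep `$server_name`, or switch to `return 301 https://$host$request_uri;` and accept that `$host` echoes the client-supplied Host header rather than a value you control. The `if ($scheme = http) { return …; }` form at server level is one of the safe uses of `if`, though a separate `listen 80` server containing only the redirect is the conventional shape and keeps the TLS directives off the plaintext listener. Once the redirect is in place, `add_header Strict-Transport-Security "max-age=<seconds>" always;` on the 443 side stops returning clients from issuing the first plaintext request at all. The server block continues outside the hunk.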