From 345b5e53cfae1f2ee06b2a61f71d53fe25217854 Mon Sep 17 00:00:00 2001 From: drorganvidez Date: Sat, 22 Jun 2024 18:00:42 +0200 Subject: [PATCH] fix: Fix SSL setup --- docker/docker-compose.prod.ssl.yml | 10 +++--- docker/nginx/nginx.prod.no-ssl.conf.template | 32 ++++++++++++++++++++ scripts/ssl_setup.sh | 23 +++++++------- 3 files changed, 48 insertions(+), 17 deletions(-) create mode 100644 docker/nginx/nginx.prod.no-ssl.conf.template diff --git a/docker/docker-compose.prod.ssl.yml b/docker/docker-compose.prod.ssl.yml index 131331c3a..99a2b8e9c 100644 --- a/docker/docker-compose.prod.ssl.yml +++ b/docker/docker-compose.prod.ssl.yml @@ -33,9 +33,9 @@ services: container_name: nginx_web_server_container image: nginx:latest volumes: - - nginx/nginx.prod.ssl.conf:/etc/nginx/nginx.conf - - letsencrypt:/etc/letsencrypt:ro - - public:/var/www:rw + - ./nginx/nginx.prod.ssl.conf:/etc/nginx/nginx.conf + - ./letsencrypt:/etc/letsencrypt:ro + - ./public:/var/www:rw ports: - "80:80" - "443:443" @@ -55,8 +55,8 @@ services: image: certbot/certbot container_name: certbot_container volumes: - - public:/var/www:rw - - letsencrypt:/etc/letsencrypt + - ./public:/var/www:rw + - ./letsencrypt:/etc/letsencrypt volumes: db_data: diff --git a/docker/nginx/nginx.prod.no-ssl.conf.template b/docker/nginx/nginx.prod.no-ssl.conf.template new file mode 100644 index 000000000..9fec3a8aa --- /dev/null +++ b/docker/nginx/nginx.prod.no-ssl.conf.template 
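Review bot: The nginx.conf bind mount in the first hunk is read-write (`- ./nginx/nginx.prod.ssl.conf:/etc/nginx/nginx.conf`) while the neighbouring letsencrypt mount is `:ro`; nginx never needs to write its own configuration, so `- ./nginx/nginx.prod.ssl.conf:/etc/nginx/nginx.conf:ro` keeps the two mounts consistent and stops a compromised container from rewriting the proxy config. Because this is now a bind mount of a single file, Docker will typically create an empty directory at that host path if the file does not exist when the service is started, so the rendered config has to exist before `up -d nginx` runs (the script in this same patch does not guarantee that on a first run). The second hunk moves the certbot/nginx `./letsencrypt` mount into the docker/ directory of the checkout, which now holds the private keys next to tracked files; that path should be excluded from version control, which I cannot confirm from here. The top-level `volumes:` block is cut off at the end of the second hunk, so I cannot tell whether named `letsencrypt`/`public` volumes are still declared there and left unused.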
@@ -0,0 +1,32 @@ +events {} + +http { + upstream web { + server web:5000; + } + + server { + listen 80; + server_name {{domain}}; + + location ~ /.well-known/acme-challenge/ { + root /var/www; + try_files $uri =404; + } + + location / { + + # Set proxy headers + proxy_pass http://web; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Increase proxy timeout settings + proxy_connect_timeout 3600; + proxy_send_timeout 3600; + proxy_read_timeout 3600; + } + } +} diff --git a/scripts/ssl_setup.sh b/scripts/ssl_setup.sh index e455413f6..a18b0a78a 100755 --- a/scripts/ssl_setup.sh +++ b/scripts/ssl_setup.sh @@ -1,21 +1,18 @@ #!/bin/bash while true; do - # Prompt for domain and email echo "Enter your domain (including 'www' and the extension, e.g., www.exampledomain.com):" read domain echo "Enter your email: " read email - # Display a summary of the entered data and ask for confirmation echo "Configured with the domain $domain" echo "Configured with the email $email" echo "" echo "Are you sure the entered information is correct? [y/n]" read confirm - # If the user confirms, break the loop and continue with the script. Otherwise, repeat the loop. if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then break else 
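Review bot: The ACME location in the new template is a regex match with an unescaped dot, `location ~ /.well-known/acme-challenge/`, so the `.` matches any character and the block competes with other regex locations by order rather than by prefix; the conventional form for a webroot challenge is the prefix match `location ^~ /.well-known/acme-challenge/`, which also wins over any later regex location. The file also has no header comment saying what it is for; since it is only meant to serve port 80 while certificates are being issued, a first line such as `# Bootstrap config: HTTP only, used while certbot obtains the certificate; replaced by nginx.prod.ssl.conf afterwards` would stop it being mistaken for a production config. Note that docker-compose.prod.ssl.yml in this patch still mounts nginx.prod.ssl.conf, not this file, so as committed nothing actually loads this template.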
@@ -26,22 +23,24 @@ done cd .. # go to parent folder -# Navigate to the docker folder -cd docker +cd docker # go to docker folder # Create a new configuration file from the template -cp ./nginx/nginx.prod.ssl.conf.template ./nginx/nginx.prod.ssl.conf - -# Replace the placeholder domain in the new configuration file +cp ./nginx/nginx.prod.no-ssl.conf.template ./nginx/nginx.prod.no-ssl.conf sed -i "s/{{domain}}/$domain/g" ./nginx/nginx.prod.ssl.conf -# Run Nginx container in dev mode (only to generate SSL) -docker compose -f docker-compose.dev.yml up -d nginx +# Run Nginx container without SSL to obtain certificates +docker compose -f docker-compose.prod.ssl.yml up -d nginx # Generate the certificate with Certbot docker compose -f docker-compose.prod.ssl.yml run certbot certonly --webroot --webroot-path=/var/www -d $domain --email $email --agree-tos --no-eff-email --force-renewal -# Configure Nginx to use the new certificate -docker compose -f docker-compose.dev.yml down && docker compose -f docker-compose.prod.ssl.yml up -d --build +# Create a new configuration file from the SSL template +cp ./nginx/nginx.prod.ssl.conf.template ./nginx/nginx.prod.ssl.conf +sed -i "s/{{domain}}/$domain/g" ./nginx/nginx.prod.ssl.conf + +# Restart Nginx with SSL configuration +docker compose -f docker-compose.prod.ssl.yml down +docker compose -f docker-compose.prod.ssl.yml up -d --build cd .. # go to parent folder
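Review bot: The new `cp` renders the no-ssl template to `./nginx/nginx.prod.no-ssl.conf`, but the unchanged `sed -i "s/{{domain}}/$domain/g" ./nginx/nginx.prod.ssl.conf` on the next line still edits the SSL file, so the `{{domain}}` placeholder in the bootstrap config is never substituted and, on a fresh checkout where nginx.prod.ssl.conf does not exist yet, sed fails outright. The following `docker compose -f docker-compose.prod.ssl.yml up -d nginx` then starts nginx with the compose file's `./nginx/nginx.prod.ssl.conf` mount, not the no-ssl file, so the bootstrap template written here is never loaded at all; the simplest fix without touching the compose file is to render the no-ssl template to the path the compose file actually mounts, as below. The certbot command also passes the prompted values unquoted (`-d $domain --email $email`) and its exit status is ignored, so a failed issuance still swaps in the SSL config and leaves nginx pointing at certificate files that do not exist. The prompting loop that sets `$domain` and `$email` is in the previous hunk, outside this one.
```shell
# … unchanged: cd docker …

# Render the bootstrap (port-80 only) config to the path docker-compose.prod.ssl.yml mounts
cp ./nginx/nginx.prod.no-ssl.conf.template ./nginx/nginx.prod.ssl.conf
sed -i "s/{{domain}}/$domain/g" ./nginx/nginx.prod.ssl.conf

# Run Nginx container without SSL to obtain certificates
docker compose -f docker-compose.prod.ssl.yml up -d nginx

# Stop if issuance fails instead of switching to a config that references missing certificates
if ! docker compose -f docker-compose.prod.ssl.yml run --rm certbot certonly --webroot --webroot-path=/var/www -d "$domain" --email "$email" --agree-tos --no-eff-email --force-renewal; then
  echo "Certificate issuance failed; nginx left on the non-SSL configuration" >&2
  exit 1
fi

# … unchanged: render SSL template, restart nginx, cd .. …
```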