From 310ab108cb6e666a6f7f85522ba94735141cbca0 Mon Sep 17 00:00:00 2001
From: PA4KEV <kevin.vd.vleuten@gmail.com>
Date: Tue, 7 Feb 2023 22:41:51 +0100
Subject: [PATCH] Update nginx config to use Letsencrypt

---
 Dockerfile              |  1 +
 config/nginx/nginx.conf | 25 +++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index dee6afc..bec7877 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,4 +13,5 @@ COPY --from=build /app/build /usr/share/nginx/html
 RUN rm /etc/nginx/conf.d/default.conf
 COPY config/nginx/nginx.conf /etc/nginx/conf.d
 EXPOSE 80
+EXPOSE 443
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
index 8b1602e..2b1df70 100644
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@@ -1,6 +1,23 @@
 server {
-  listen 80;
-  
+    server_name matsubara.nl www.matsubara.nl;
+    listen 80;
+    listen [::]:80;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+  server_name matsubara.nl www.matsubara.nl;
+  server_tokens off;
+
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  # These two directives define the paths to the TLS certificate and secret key.
+  # These will be provisioned using Certbot and mounted into the Nginx container in the next step.
+  ssl_certificate /etc/letsencrypt/live/matsubara.nl-0002/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/matsubara.nl-0002/privkey.pem;
+
   location / {
     root   /usr/share/nginx/html;
     index  index.html index.htm;
@@ -16,4 +33,8 @@ server {
   location = /50x.html {
     root   /usr/share/nginx/html;
   }
+
+  location /.well-known/acme-challenge/ {
+      root /var/www/certbot;
+  }
 }