From 7ca2f27ac6373267946e8093c8f35cefc2dcc5aa Mon Sep 17 00:00:00 2001 From: Linden Crandall Date: Fri, 7 Feb 2025 09:10:09 +0900 Subject: [PATCH 1/5] update gitignore --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index f7cae68..b9b9fc2 100644 --- a/.gitignore +++ b/.gitignore @@ -128,5 +128,7 @@ dist # MacOS finder preferences .DS_store +# https stuff .crt -.key \ No newline at end of file +.key +certbot/ \ No newline at end of file From 243cb035daeeae3305a63d462683860c5fa19eb5 Mon Sep 17 00:00:00 2001 From: Linden Crandall Date: Fri, 7 Feb 2025 09:11:33 +0900 Subject: [PATCH 2/5] prepare docker-compose.yml for deployment --- docker-compose.yml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 07f4523..4d1c981 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
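Review bot: The `.crt` and `.key` patterns in .gitignore match only files literally named `.crt` or `.key`, so a private key such as the `shiloh_automatisch.local.key` referenced by the self-signed nginx config later in this series is not ignored and can still be committed from `./https/certs/`. Use globs instead: `*.crt` and `*.key`, plus `*.pem` if PEM material can end up outside `certbot/`. The new `certbot/` entry does cover the directory that the compose file mounts as `/etc/letsencrypt`.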
@@ -1,5 +1,45 @@
 version: '3.9'
+networks:
+ proxy:
+ driver: bridge
+ default:
+ name: automatisch_network
+ enable_ipv6: ${ENABLE_IPV6}
+ ipam:
+ config:
+ - subnet: 2001:db8::/64
 services:
+ # for local https development using self-signed certs via openssl
+ # nginx:
+ # image: nginx:latest
+ # depends_on:
+ # - main
+ # ports:
+ # - "443:443"
+ # volumes:
+ # - ./https/certs/${SSL_SELF_SIGNED_CRT}:/etc/nginx/certs/${SSL_SELF_SIGNED_CRT}:ro
+ # - ./https/certs/${SSL_SELF_SIGNED_KEY}:/etc/nginx/certs/${SSL_SELF_SIGNED_KEY}:ro
+ # - ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/conf.d/
+ # for production using letsencrypt and certbot
+ nginx:
+ image: nginx:latest
+ depends_on:
+ - main
+ restart: unless-stopped
+ volumes:
+ - ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
+ - ./certbot/conf:/etc/letsencrypt
+ - ./certbot/www:/var/www/certbot
+ ports:
+ - ${PORT}:${PORT}
+ - 443:443
+
+ certbot:
+ image: certbot/certbot:latest
+ volumes:
+ - ./certbot/conf:/etc/letsencrypt
+ - ./certbot/www:/var/www/certbot
+ command: certonly --webroot -w /var/www/certbot --keep-until-expiring --email ${SSL_CERT_EMAIL} -d ${HOST} --agree-tos
 main:
 build:
 context: ./docker
From 7aab108b6b866015683aac2815ae7192d391f444 Mon Sep 17 00:00:00 2001
From: Linden Crandall
Date: Fri, 7 Feb 2025 09:11:53 +0900
Subject: [PATCH 3/5] local https prod simulation nginx config
---
 .../nginx/automatisch_self_signed_nginx.conf | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 https/nginx/automatisch_self_signed_nginx.conf
diff --git a/https/nginx/automatisch_self_signed_nginx.conf b/https/nginx/automatisch_self_signed_nginx.conf
new file mode 100644
index 0000000..4b833fe
--- /dev/null
+++ b/https/nginx/automatisch_self_signed_nginx.conf
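Review bot: In docker-compose.yml the production nginx service mounts `./certbot/conf:/etc/letsencrypt` and `./certbot/www:/var/www/certbot` read-write, although nginx only reads certificates and challenge files; a compromise of the internet-facing container could then modify the private keys and ACME account data. Append `:ro` to both nginx mounts (`- ./certbot/conf:/etc/letsencrypt:ro`, `- ./certbot/www:/var/www/certbot:ro`), as the commented-out self-signed block already does for its certificates, and keep them writable only in the certbot service. `nginx:latest` and `certbot/certbot:latest` are floating tags, so every pull can change what runs in front of the app; pin a version tag or digest. The `main:` service continues past the end of the hunk.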
@@ -0,0 +1,19 @@
+events {}
+
+http {
+ server {
+ listen 443 ssl;
+ server_name shiloh_automatisch.local;
+
+ ssl_certificate /etc/nginx/certs/shiloh_automatisch.local.crt;
+ ssl_certificate_key /etc/nginx/certs/shiloh_automatisch.local.key;
+
+ location / {
+ proxy_pass http://main:7757;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+ }
+}
From 8cdacdb85dbfdfef711e9a60aad68679e0bd2381 Mon Sep 17 00:00:00 2001
From: Linden Crandall
Date: Fri, 7 Feb 2025 09:12:29 +0900
Subject: [PATCH 4/5] initial letsencrypt nginx conf file
---
 .../nginx/automatisch_letsencrypt_nginx.conf | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 https/nginx/automatisch_letsencrypt_nginx.conf
diff --git a/https/nginx/automatisch_letsencrypt_nginx.conf b/https/nginx/automatisch_letsencrypt_nginx.conf
new file mode 100644
index 0000000..d49e548
--- /dev/null
+++ b/https/nginx/automatisch_letsencrypt_nginx.conf
@@ -0,0 +1,19 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ server {
+ listen 7757;
+ server_name automatisch.lasthourhosting.org;
+
+ location / {
+ proxy_pass http://main:7757;
+ }
+
+ location ~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+ }
+}
From 5807979b5eb06cebd38c9c0d4d30a2d0f8d04353 Mon Sep 17 00:00:00 2001
From: Linden Crandall
Date: Fri, 7 Feb 2025 09:12:51 +0900
Subject: [PATCH 5/5] nginx letsencrypt conf file after ssl certs are created
---
 https/nginx/temp.conf | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 https/nginx/temp.conf
diff --git a/https/nginx/temp.conf b/https/nginx/temp.conf
new file mode 100644
index 0000000..42f48ec
--- /dev/null
+++ b/https/nginx/temp.conf
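Review bot: automatisch_self_signed_nginx.conf is written as a complete main configuration (top-level `events {}` and `http {}`), but the compose file in this series mounts it under `/etc/nginx/conf.d/`. Assuming the stock nginx image, files there are included from inside the default `http {}` block, where `events` and `http` are not allowed, so nginx would refuse to start. Either mount the file over the main config (`- ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/nginx.conf:ro`) or reduce it to the bare `server { … }` block; the same applies to automatisch_letsencrypt_nginx.conf and temp.conf. The certificate paths are also hard-coded to `shiloh_automatisch.local.*`, while the compose mounts use `${SSL_SELF_SIGNED_CRT}` and `${SSL_SELF_SIGNED_KEY}`, so the two agree only for that one file name.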
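Review bot: The ACME webroot location in automatisch_letsencrypt_nginx.conf sits in a server that listens only on 7757, and the compose file publishes only `${PORT}:${PORT}` and 443 for nginx. Let's Encrypt's HTTP-01 validation connects to port 80, so unless something outside this series forwards port 80 to this listener, `certonly --webroot` cannot complete; add `listen 80;` here and publish `80:80`. `location ~ /.well-known/acme-challenge/` is an unanchored regex that matches any URI containing that string, and a prefix match, `location ^~ /.well-known/acme-challenge/ {`, is tighter. While this file is in use, `location /` serves the app over plain HTTP, so any credentials or session cookies sent during the bootstrap window travel unencrypted.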
@@ -0,0 +1,34 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ server {
+ listen 7757;
+ server_name automatisch.lasthourhosting.org;
+
+ location ~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2;
+ # use ssl letsencrypt certs
+ ssl_certificate /etc/letsencrypt/live/automatisch.lasthourhosting.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/automatisch.lasthourhosting.org/privkey.pem;
+ server_name automatisch.lasthourhosting.org;
+
+
+ location / {
+ proxy_pass http://automatisch.lasthourhosting.org:7757/;
+ }
+
+ location ~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+ }
+}
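Review bot: In temp.conf the TLS server's `proxy_pass` targets the public hostname on port 7757 over plain HTTP instead of the backend service. Depending on how that name resolves inside the container, requests either hit the redirecting server on the same port and loop, or leave the Docker network unencrypted. Point it at `main:7757` as the other two configs do, and forward the Host and X-Forwarded-* headers as the self-signed config does. The server-level `return 301` in the port-7757 server is evaluated before location matching, so the ACME location beside it is never reached; moving the redirect into `location /` fixes that. No `ssl_protocols` directive is set, so the TLS versions offered fall back to the nginx build's defaults.

```nginx
        # … unchanged: listen 7757, server_name, acme-challenge location …
        location / {
            return 301 https://$host$request_uri;
        }
        # … unchanged: listen 443 ssl http2, ssl_certificate lines, server_name …
        location / {
            proxy_pass http://main:7757;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
        # … unchanged: acme-challenge location in the 443 server …
```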