Add SSL

Author: sjefferson99

compose.yml

@@ -33,14 +33,17 @@ services:
       start_period: 40s
 
   nginx:
-    image: nginx:alpine
+    build:
+      context: ./server
+      dockerfile: Dockerfile.nginx
     container_name: aft-web
     restart: unless-stopped
     depends_on:
       server:
         condition: service_healthy
     ports:
       - "80:80"
+      - "443:443"
     volumes:
       - ./www:/usr/share/nginx/html
       - ./server/nginx.conf:/etc/nginx/conf.d/default.conf

server/Dockerfile.nginx

@@ -0,0 +1,11 @@
+FROM nginx:alpine
+
+# Install openssl for generating self-signed certificates
+RUN apk add --no-cache openssl
+
+# Copy entrypoint script
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Set entrypoint
+ENTRYPOINT ["/entrypoint.sh"]

server/entrypoint.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+# Generate self-signed SSL certificates if they don't exist
+
+SSL_DIR="/etc/nginx/ssl"
+CERT_FILE="$SSL_DIR/cert.pem"
+KEY_FILE="$SSL_DIR/key.pem"
+
+# Create SSL directory if it doesn't exist
+mkdir -p $SSL_DIR
+
+# Generate self-signed certificate if it doesn't exist
+if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
+    echo "Generating self-signed SSL certificate..."
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+        -keyout $KEY_FILE \
+        -out $CERT_FILE \
+        -subj "/C=US/ST=State/L=City/O=AFT/CN=localhost" \
+        2>/dev/null
+    
+    echo "SSL certificate generated successfully"
+else
+    echo "SSL certificate already exists"
+fi
+
+# Start nginx
+exec nginx -g 'daemon off;'

server/nginx.conf

@@ -1,7 +1,13 @@
+# HTTP server - redirect to HTTPS
 server {
     listen 80;
     server_name localhost;
 
+    # Optional: redirect all HTTP to HTTPS
+    # Uncomment the following to force HTTPS:
+    # return 301 https://$host$request_uri;
+    
+    # For now, serve HTTP normally
     location / {
         root /usr/share/nginx/html;
         index index.html;
@@ -15,6 +21,42 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
+        # Increase timeouts for database operations
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 300s;
+        proxy_send_timeout 300s;
+    }
+}
+
+# HTTPS server
+server {
+    listen 443 ssl;
+    server_name localhost;
+    
+    # SSL certificate paths
+    # For self-signed certs, mount these in docker-compose
+    # For production, use Let's Encrypt or your SSL provider
+    ssl_certificate /etc/nginx/ssl/cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/key.pem;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    
+    location / {
+        root /usr/share/nginx/html;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+    
+    location /api/ {
+        proxy_pass http://server:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        
         # Increase timeouts for database operations
         proxy_read_timeout 300s;
         proxy_connect_timeout 300s;