From 09aa171aa0fbb31ae20f1b4739eb9ecc0bda97b7 Mon Sep 17 00:00:00 2001
From: MoonTestUse1 <crocoman7887@gmail.com>
Date: Wed, 25 Dec 2024 03:57:09 +0600
Subject: [PATCH] Merge remote changes and resolve conflicts

---
 docker-compose.yml               | 19 +++++++++++++++++++
 docker/nginx/conf.d/default.conf | 27 +++++++++++++++++++++++++--
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index bd25824..84f583f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,8 +7,13 @@ services:
     restart: unless-stopped
     ports:
       - "80:80"
+      - "443:443"
     volumes:
+      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+      - webroot:/var/www/html
     depends_on:
       - backend
 
@@ -25,5 +30,19 @@ services:
       - ./backend:/app
       - sqlite_data:/app/instance
 
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+      - webroot:/var/www/html
+    depends_on:
+      - frontend
+    command: certonly --webroot --webroot-path=/var/www/html --email admin@itformhelp.ru --agree-tos --no-eff-email -d itformhelp.ru -d www.itformhelp.ru
+
 volumes:
   sqlite_data:
+  certbot-etc:
+  certbot-var:
+  webroot:
diff --git a/docker/nginx/conf.d/default.conf b/docker/nginx/conf.d/default.conf
index 34491e9..e24a02b 100644
--- a/docker/nginx/conf.d/default.conf
+++ b/docker/nginx/conf.d/default.conf
@@ -1,19 +1,42 @@
+# Redirect HTTP to HTTPS
 server {
     listen 80;
     listen [::]:80;
     server_name itformhelp.ru www.itformhelp.ru;
     
+    # Allow certbot auth challenge
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    # Redirect all other traffic to HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# HTTPS server
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name itformhelp.ru www.itformhelp.ru;
+
+    # SSL configuration
+    ssl_certificate /etc/letsencrypt/live/itformhelp.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/itformhelp.ru/privkey.pem;
+    
     root /usr/share/nginx/html;
     index index.html;
 
+    # Frontend
     location / {
         try_files $uri $uri/ /index.html;
-        expires -1;
         add_header Cache-Control "no-store, no-cache, must-revalidate";
     }
 
+    # Backend API
     location /api/ {
-        proxy_pass http://backend:8000/api/;
+        proxy_pass http://backend:8000;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;