From 88a47962dfeae98496907522caba12c13e80f5ab Mon Sep 17 00:00:00 2001
From: MoonTestUse1
Date: Wed, 25 Dec 2024 02:48:29 +0600
Subject: [PATCH] Merge remote changes and resolve conflicts
---
 docker-compose.yml | 20 +++------
 docker/nginx/conf.d/default.conf | 77 ++++++++++++++------------------
 2 files changed, 40 insertions(+), 57 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 06c48be..7267e0a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,9 +13,8 @@ services:
 volumes:
 - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
 - ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
- - certbot-etc:/etc/letsencrypt
- - certbot-var:/var/lib/letsencrypt
- - webroot:/var/www/html
+ - ./certbot/www:/var/www/html:ro
+ - ./certbot/conf:/etc/letsencrypt:ro
 depends_on:
 - backend
@@ -35,17 +34,12 @@ services:
 - "8000:8000"
 certbot:
- image: certbot/certbot
+ image: certbot/certbot:latest
 container_name: certbot
 volumes:
- - certbot-etc:/etc/letsencrypt
- - certbot-var:/var/lib/letsencrypt
- - webroot:/var/www/html
- depends_on:
- - frontend
- command: certonly --webroot --webroot-path=/var/www/html --email admin@itformhelp.ru --agree-tos --no-eff-email -d itformhelp.ru -d www.itformhelp.ru
+ - ./certbot/conf:/etc/letsencrypt:rw
+ - ./certbot/www:/var/www/html:rw
+ command: certonly --webroot --webroot-path=/var/www/html --email admin@itformhelp.ru --agree-tos --no-eff-email --force-renewal -d itformhelp.ru -d www.itformhelp.ru
+
 volumes:
 sqlite_data:
- certbot-etc:
- certbot-var:
- webroot:
\ No newline at end of file
diff --git a/docker/nginx/conf.d/default.conf b/docker/nginx/conf.d/default.conf
index d2b8287..254f0fe 100644
--- a/docker/nginx/conf.d/default.conf
+++ b/docker/nginx/conf.d/default.conf
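Review bot: The new bind mount `./certbot/conf:/etc/letsencrypt:ro` on the nginx service moves the Let's Encrypt account key and `privkey.pem` out of a named volume and into a directory inside the project tree, and nothing in this patch excludes that directory from version control or from the Docker build context. If the repository has no ignore rule for it yet (not visible here), add `certbot/` to `.gitignore` and `.dockerignore`, and put a comment above the mount such as `# ./certbot/conf holds TLS private keys: keep out of git and image builds`. Mounting both paths read-only into nginx is the right choice and should stay.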
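Review bot: `--force-renewal` in the certbot `command` asks for a fresh certificate on every container start, so a restart loop or a handful of redeploys can exhaust the CA's issuance rate limits and leave the site unable to renew. Replacing it with `--keep-until-expiring` lets certbot reuse a certificate that is not yet due. `certbot/certbot:latest` is the same floating tag as before, only spelled out; pinning a specific version tag or digest would make the tool that handles the private key reproducible. With `depends_on` removed, nothing orders certbot after the server that answers the webroot challenge, so a first run may fail validation.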
@@ -1,18 +1,44 @@
-# Redirect HTTP to HTTPS
 server {
 listen 80;
 listen [::]:80;
 server_name itformhelp.ru www.itformhelp.ru;
- location ~ /.well-known/acme-challenge {
+ location /.well-known/acme-challenge/ {
 allow all;
 root /var/www/html;
+ try_files $uri =404;
 }
 location / {
- root /usr/share/nginx/html;
- index index.html;
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 default_server ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ server_name itformhelp.ru www.itformhelp.ru;
+
+ ssl_certificate /etc/letsencrypt/live/itformhelp.ru/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/itformhelp.ru/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ root /usr/share/nginx/html;
+ index index.html;
+
+ location / {
 try_files $uri $uri/ /index.html;
+ expires -1;
+ add_header Cache-Control "no-store, no-cache, must-revalidate";
 }
 location /api/ {
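Review bot: The new TLS server block sends no `Strict-Transport-Security` header, so although port 80 now answers everything except ACME challenges with a 301, a client's first plain-HTTP request can still be tampered with before the redirect is seen. Because `location /` defines its own `add_header Cache-Control …`, a server-level `add_header` would not be inherited there; the header has to be repeated inside that location, e.g. `add_header Strict-Transport-Security "max-age=31536000" always;` (start with a short max-age while testing). Separately, `listen 443 default_server ssl;` carries `default_server` but `listen [::]:443 ssl;` does not, so IPv4 and IPv6 clients may get different default hosts if other server blocks exist. The `location /api/` block opened on the last line continues outside this hunk.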
@@ -22,45 +48,8 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
 }
 }
-
-# HTTPS server
-#server {
-# listen 443 ssl;
-# listen [::]:443 ssl;
-# http2 on;
-# server_name itformhelp.ru www.itformhelp.ru;
-#
-# ssl_certificate /etc/letsencrypt/live/itformhelp.ru/fullchain.pem;
-# ssl_certificate_key /etc/letsencrypt/live/itformhelp.ru/privkey.pem;
-#
-# ssl_session_timeout 1d;
-# ssl_session_cache shared:SSL:50m;
-# ssl_session_tickets off;
-#
-# ssl_protocols TLSv1.2 TLSv1.3;
-# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-# ssl_prefer_server_ciphers off;
-#
-# root /usr/share/nginx/html;
-# index index.html;
-#
-# location / {
-# try_files $uri $uri/ /index.html;
-# expires -1;
-# add_header Cache-Control "no-store, no-cache, must-revalidate";
-# }
-#
-# location /api/ {
-# proxy_pass http://backend:8000/api/;
-# proxy_http_version 1.1;
-# proxy_set_header Host $host;
-# proxy_set_header X-Real-IP $remote_addr;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_connect_timeout 60s;
-# proxy_send_timeout 60s;
-# proxy_read_timeout 60s;
-# }
-#}
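Review bot: The three added `proxy_connect_timeout`, `proxy_send_timeout` and `proxy_read_timeout` lines in `location /api/` are all set to `60s`, which is nginx's built-in default, so they change nothing at runtime. If they are meant as documentation, say so with a comment such as `# explicit defaults; lower these if the backend should fail fast`; otherwise choose values that reflect what the API actually needs, since long upstream timeouts let slow requests hold worker connections. The `location /api/` block begins outside this hunk.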