ssl сертификат3

docker/frontend/Dockerfile

@@ -12,26 +12,13 @@ RUN npm run build
 
 FROM nginx:alpine
 
-# Установка certbot
-RUN apk add --no-cache certbot certbot-nginx openssl
-
 COPY --from=build /app/dist /usr/share/nginx/html
 COPY docker/frontend/nginx.conf /etc/nginx/conf.d/default.conf
 
-# Создаем директории для сертификатов и certbot
+# Создаем директории для сертификатов
 RUN mkdir -p /etc/letsencrypt
 RUN mkdir -p /var/www/certbot
 
-# Копируем скрипты
-COPY docker/frontend/ssl-renew.sh /etc/periodic/daily/ssl-renew
-COPY docker/frontend/init-ssl.sh /docker-entrypoint.d/init-ssl.sh
-RUN chmod +x /etc/periodic/daily/ssl-renew
-RUN chmod +x /docker-entrypoint.d/init-ssl.sh
-
-# Создаем volumes для сертификатов
-VOLUME ["/etc/letsencrypt", "/var/www/certbot"]
-
 EXPOSE 80 443
 
-# Запускаем crond и nginx
-CMD ["sh", "-c", "crond && /docker-entrypoint.d/init-ssl.sh"]
+CMD ["nginx", "-g", "daemon off;"]

docker/frontend/nginx.conf

@@ -1,11 +1,9 @@
 server {
     listen 80;
-    listen [::]:80;
-    server_name itformhelp.ru www.itformhelp.ru;
+    server_name itformhelp.ru;
     
     location /.well-known/acme-challenge/ {
         root /var/www/certbot;
-        try_files $uri =404;
     }
 
     location / {
@@ -14,38 +12,19 @@ server {
 }
 
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-    server_name itformhelp.ru www.itformhelp.ru;
+    listen 443 ssl;
+    server_name itformhelp.ru;
 
     ssl_certificate /etc/letsencrypt/live/itformhelp.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/itformhelp.ru/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/itformhelp.ru/chain.pem;
 
-    # Улучшенные настройки SSL
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-
-    # Современные настройки безопасности
+    # Базовые настройки SSL
     ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-
-    # HSTS (раскомментируйте после успешного тестирования SSL)
-    # add_header Strict-Transport-Security "max-age=63072000" always;
+    ssl_ciphers HIGH:!aNULL:!MD5;
 
     root /usr/share/nginx/html;
     index index.html;
 
-    # Gzip Settings
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 10240;
-    gzip_proxied expired no-cache no-store private auth;
-    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
-    gzip_disable "MSIE [1-6]\.";
-
     # API proxy
     location /api/ {
         proxy_pass http://support-backend:8000;
@@ -53,7 +32,6 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection 'upgrade';
         proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
@@ -61,27 +39,5 @@ server {
 
     location / {
         try_files $uri $uri/ /index.html;
-        add_header Cache-Control "no-cache, no-store, must-revalidate";
-    }
-
-    # Запрещаем доступ к .htaccess файлам
-    location ~ /\.ht {
-        deny all;
-    }
-
-    # Запрещаем доступ к файлам WordPress
-    location ~* \.(xml|txt)$ {
-        return 404;
-    }
-
-    # Запрещаем доступ к директориям WordPress
-    location ~* ^/(wp-admin|wp-includes|wp-content|wordpress|wp|blog|news|cms)/ {
-        return 404;
-    }
-
-    error_page 404 /index.html;
-    error_page 500 502 503 504 /50x.html;
-    location = /50x.html {
-        root /usr/share/nginx/html;
     }
 }