feat: add TLSv1.2 support

docker-compose.yml

@@ -1,5 +1,6 @@
 version: '3'
 services:
+
   postgres:
     image: postgres:latest
     environment:
@@ -13,7 +14,6 @@ services:
     networks: 
       - backend
 
-  # Refuapp Backend
   refuapp-backend:
     build:
       context: ./refuapp-backend  # Path to your project directory
@@ -29,6 +29,21 @@ services:
     networks: 
       - backend
 
+  nginx:
+    image: nginx:latest
+    container_name: nginx container
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./certificate.crt:/etc/nginx/certificate.crt
+      - ./privatekey.key:/etc/nginx/private.key
+      - /home/ferran/web:/var/www
+      - /home/ferran/static:/static
+    depends_on:
+      - refuapp-backend
+
 networks:
   backend:
     driver: "bridge"
@@ -38,5 +53,5 @@ volumes:
     driver: local # Define the driver and options under the volume name
     driver_opts:
       type: none
-      device: /home/ferran/data/
+      device: ~/data/
       o: bind

nginx.conf

@@ -0,0 +1,31 @@
+# Define the HTTP server with TLS 1.3 support
+server {
+    listen 443 ssl http2;
+    server_name linode-pofnet.duckdns.org;
+
+    # SSL/TLS settings
+    ssl_certificate /etc/nginx/certificate.crt;
+    ssl_certificate_key /etc/nginx/private.key;
+
+    # Enable TLS 1.3
+    ssl_protocols TLSv1.3;
+
+    # API route
+    location /api {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    # Root route
+    location / {
+        alias /var/www/;
+        index index.html;
+    }
+
+    # Static files
+    location /static {
+        alias /static/;
+    }
+}