diff --git a/certificate.crt b/certificate.crt new file mode 100644 index 0000000..61d5c10 Binary files /dev/null and b/certificate.crt differ diff --git a/docker-compose.yml b/docker-compose.yml index 38c23f6..1780956 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,6 @@ version: '3' services: + postgres: image: postgres:latest environment: @@ -13,7 +14,6 @@ services: networks: - backend - # Refuapp Backend refuapp-backend: build: context: ./refuapp-backend # Path to your project directory @@ -29,6 +29,21 @@ services: networks: - backend + nginx: + image: nginx:latest + container_name: nginx container + ports: + - "80:80" + - "443:443" + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf + - ./certificate.crt:/etc/nginx/certificate.crt + - ./privatekey.key:/etc/nginx/private.key + - /home/ferran/web:/var/www + - /home/ferran/static:/static + depends_on: + - refuapp-backend + networks: backend: driver: "bridge" @@ -38,5 +53,5 @@ volumes: driver: local # Define the driver and options under the volume name driver_opts: type: none - device: /home/ferran/data/ + device: ~/data/ o: bind diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..f25faf2 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,31 @@ +# Define the HTTP server with TLS 1.3 support +server { + listen 443 ssl http2; + server_name linode-pofnet.duckdns.org; + + # SSL/TLS settings + ssl_certificate /etc/nginx/certificate.crt; + ssl_certificate_key /etc/nginx/private.key; + + # Enable TLS 1.3 + ssl_protocols TLSv1.3; + + # API route + location /api { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # Root route + location / { + alias /var/www/; + index index.html; + } + + # Static files + location /static { + alias /static/; + } +} diff --git a/private.key b/private.key new file mode 100644 index 0000000..4004571 Binary files /dev/null and b/private.key differ