Add SSL certs, probably not copied in image since not pushed

Jules-Jules-and-Julian-LLC · Jun 24, 2024 · 3e4d3d0 · 3e4d3d0
1 parent c5e87ad
commit 3e4d3d0
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -46,12 +46,16 @@ COPY nginx.conf /etc/nginx/nginx.conf
 # Copy static files
 COPY src/frontend/build /usr/share/nginx/html
 
+# Copy SSL certificates
+COPY secrets /etc/letsencrypt/live/writeshite.com
+COPY secrets/archive /etc/letsencrypt/archive/writeshite.com
+
 # Add the start script
 COPY start.sh /app/start.sh
 RUN chmod +x /app/start.sh
 
 # Expose ports for Nginx and the Spring Boot application
-EXPOSE 80 8080 443 3000
+EXPOSE 80 8080 443
 
 # Start Nginx and the Spring Boot application
 CMD ["/app/start.sh"]
diff --git a/nginx.conf b/nginx.conf
@@ -31,6 +31,19 @@ http {
         listen 80;
         server_name writeshite.com www.writeshite.com;
 
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name writeshite.com www.writeshite.com;
+
+        ssl_certificate /etc/letsencrypt/live/writeshite.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/writeshite.com/privkey.pem;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers HIGH:!aNULL:!MD5;
+
         root /usr/share/nginx/html;
         index index.html;
 
@@ -42,7 +55,26 @@ http {
             proxy_pass http://localhost:8080;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+        }
+
+        location /websocket {
+            proxy_pass http://localhost:8080;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+        }
+
+        # Catch-all route to forward all other requests to the backend
+        location / {
+            proxy_pass http://localhost:8080;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
             proxy_set_header Host $host;
             proxy_cache_bypass $http_upgrade;
         }

diff --git a/src/frontend/src/Lobby.js b/src/frontend/src/Lobby.js
@@ -53,7 +53,7 @@ export default class Lobby extends React.Component {
                 console.log('STOMP: ' + str)
             },
             webSocketFactory: () => {
-                return new SockJS(`https://${window.location.hostname}:443/websocket`)
+                return new SockJS(`https://${window.location.hostname}/websocket`)
             },
             reconnectDelay: 20000,
             stompVersions: new Versions([Versions.V1_0, Versions.V1_1]),