From 664edd339410b86af29a2f610d82c60e0c509196 Mon Sep 17 00:00:00 2001
From: Mike Chagnon
Date: Sun, 24 Apr 2022 13:43:05 -0700
Subject: [PATCH] add ssl and no-ssl nginx templates
---
 docker-compose.yml | 2 +-
 env.example | 3 ++
 nginx/templates/no-ssl/default.conf.template | 30 +++++++++++++++++++
 .../default.conf.template} | 8 ++++-
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 nginx/templates/no-ssl/default.conf.template
 rename nginx/templates/{http.conf.template => ssl/default.conf.template} (83%)
diff --git a/docker-compose.yml b/docker-compose.yml
index e170591..ac06fdb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,7 +37,7 @@ services:
 - NGINX_HTTP_PORT=${HTTP_PORT}
 - NGINX_HTTPS_PORT=${HTTPS_PORT}
 volumes:
- - ./nginx/templates:/etc/nginx/templates
+ - ${NGINX_TEMPLATE_PATH}:/etc/nginx/templates
 - ./static:/code/static
 - ${ROI_PATH}:/rois
 - ${SSL_KEY}:/ssl/ssl.key:ro
diff --git a/env.example b/env.example
index cbd390e..2d1b0a6 100644
--- a/env.example
+++ b/env.example
@@ -26,3 +26,6 @@ DOCKER_NETWORK=photic
 # Location of SSL certificate files
 SSL_CERT=/etc/ssl/example.crt
 SSL_KEY=/etc/ssl/example.key
+
+# Folder containing the nginx template to mount inside the docker container (ssl vs non-ssl)
+NGINX_TEMPLATE_PATH=./nginx/templates/no-ssl
diff --git a/nginx/templates/no-ssl/default.conf.template b/nginx/templates/no-ssl/default.conf.template
new file mode 100644
index 0000000..0f60fc1
--- /dev/null
+++ b/nginx/templates/no-ssl/default.conf.template
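Review bot: In docker-compose.yml the new volume entry `${NGINX_TEMPLATE_PATH}:/etc/nginx/templates` has no fallback, so a `.env` that predates this variable leaves the source side of the mount empty and the nginx service starts with an invalid or unintended volume. Compose's required-variable form fails early with a readable message, and the directory can be mounted read-only like the key on the last context line: `- ${NGINX_TEMPLATE_PATH:?set NGINX_TEMPLATE_PATH in .env}:/etc/nginx/templates:ro`. This assumes the image only reads the templates directory, as the stock nginx entrypoint does; the image name is outside the hunk. The `${SSL_KEY}` mount stays in place when the no-ssl template is selected, so a plain-HTTP deployment still needs that path to exist, which deserves a comment.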
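Review bot: In env.example the sample value `NGINX_TEMPLATE_PATH=./nginx/templates/no-ssl` makes plaintext HTTP the default for anyone who copies the file to `.env`, even though SSL_CERT and SSL_KEY are configured just above it. I would ship `NGINX_TEMPLATE_PATH=./nginx/templates/ssl` as the default. The comment should also name both choices and when the weaker one is acceptable, e.g. `# ./nginx/templates/ssl (HTTPS, HTTP redirects to it) or ./nginx/templates/no-ssl (plain HTTP; local development or behind a TLS-terminating proxy only)`.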
@@ -0,0 +1,30 @@
+upstream photic_server {
+ server web:8000;
+}
+
+server {
+ listen ${NGINX_HTTP_PORT};
+ listen [::]:${NGINX_HTTP_PORT};
+ server_name ${NGINX_HOST};
+
+ location /static/ {
+ root /code;
+ }
+
+ location /rois/ {
+ root /;
+ }
+
+ location / {
+ proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+
+ if (!-f $request_filename) {
+ proxy_pass http://photic_server;
+ break;
+ }
+ }
+}
diff --git a/nginx/templates/http.conf.template b/nginx/templates/ssl/default.conf.template
similarity index 83%
rename from nginx/templates/http.conf.template
rename to nginx/templates/ssl/default.conf.template
index 29a3154..45406ee 100644
--- a/nginx/templates/http.conf.template
+++ b/nginx/templates/ssl/default.conf.template
@@ -5,7 +5,13 @@ upstream photic_server {
 server {
 listen ${NGINX_HTTP_PORT};
 listen [::]:${NGINX_HTTP_PORT};
- listen ${NGINX_HTTPS_PORT} ssl;
+ server_name ${NGINX_HOST};
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen ${NGINX_HTTPS_PORT} default_server ssl;
 server_name ${NGINX_HOST};

 ssl_certificate /ssl/ssl.cer;
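Review bot: In `location /` of the new no-ssl template the forwarded-address header is misspelled: `proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;` sends a header name the upstream will not look for. The application then sees the proxy's address as the client in its logs and in any IP-based check. The line should read `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The renamed ssl template is 83% similar and its `location /` block is outside the visible hunk, so it probably carries the same typo and should be checked too.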
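Review bot: In the ssl template, the redirect target in the new HTTP server block is built from `$host`, which nginx takes from the request. This is the only server block visible on the HTTP port, so it would also answer requests carrying other host names and redirect to whatever name the client sent. The redirect also drops the port, so it lands on 443 even when NGINX_HTTPS_PORT is set to something else. If NGINX_HOST holds a single host name, `return 301 https://${NGINX_HOST}:${NGINX_HTTPS_PORT}$request_uri;` addresses both. The HTTPS `listen` line has no `[::]` counterpart, so IPv6 clients following the redirect may not reach it; the second server block continues past the end of the hunk.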