From 99f23cb05b7af04be39bca90e992945fa94a4e34 Mon Sep 17 00:00:00 2001
From: Ben Sherriff
Date: Sat, 12 Apr 2025 23:21:25 -0400
Subject: [PATCH] Updated nginx to toggle ssl
---
 .env | 3 +-
 docker-compose.yml | 3 +-
 nginx/Dockerfile | 5 ++-
 nginx/scripts/01-configure_ssh.sh | 12 +++++++
 nginx/templates/nossl.conf.template | 36 +++++++++++++++++++
 ...efault.conf.template => ssl.conf.template} | 8 ++---
 ui/Dockerfile | 2 +-
 7 files changed, 60 insertions(+), 9 deletions(-)
 create mode 100755 nginx/scripts/01-configure_ssh.sh
 create mode 100644 nginx/templates/nossl.conf.template
 rename nginx/templates/{default.conf.template => ssl.conf.template} (91%)
diff --git a/.env b/.env
index 5f2dbe8..6890579 100644
--- a/.env
+++ b/.env
@@ -1,7 +1,8 @@
 RUST_LOG=warn,api=info
 NGINX_HOST=localhost
-NGINX_PROTOCOL=https
+NGINX_SSL_ENABLED=false
+NGINX_PROTOCOL=http
 NGINX_HTTP_PORT=8080
 NGINX_HTTPS_PORT=8443
 NGINX_MINIO_HOST=host.docker.internal
diff --git a/docker-compose.yml b/docker-compose.yml
index ef6b067..c716cfc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,7 +19,6 @@ services:
 environment:
 SSL_CERT_PATH: /etc/nginx/ssl/localhost.crt
 SSL_CERT_KEY_PATH: /etc/nginx/ssl/localhost.key
- NGINX_HOST: ${NGINX_HOST:-localhost}
 ports:
 - "${NGINX_HTTP_PORT:-8080}:80"
 - "${NGINX_HTTPS_PORT:-8443}:443"
@@ -126,7 +125,7 @@ services:
 dockerfile: Dockerfile
 env_file: *env
 environment:
- - NODE_ENV=${NODE_ENV:-development}
+ - VITE_NODE_ENV=${VITE_NODE_ENV:-development}
 ports:
 - "${UI_PORT:-3000}:3000"
 volumes:
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index abaeb12..e91e998 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,3 +1,6 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
-COPY templates/ /etc/nginx/templates/
+COPY templates/ /templates/
+COPY scripts/01-configure_ssh.sh /docker-entrypoint.d/01-configure_ssh.sh
+
+RUN chmod +x /docker-entrypoint.d/01-configure_ssh.sh
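Review bot: In the `.env` hunk, `NGINX_SSL_ENABLED` and `NGINX_PROTOCOL` are two independent switches and nothing visible in this patch keeps them in agreement, so `NGINX_SSL_ENABLED=true` with `NGINX_PROTOCOL=http` (or the reverse) is accepted. The committed default also moves from `https` to plaintext, so any deployment that takes this file as-is serves the API and MinIO routes without TLS. I would add a comment above the pair, `# Local development default: set NGINX_SSL_ENABLED=true and NGINX_PROTOCOL=https together on any shared host`, or derive one value from the other where `NGINX_PROTOCOL` is consumed (not visible here).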
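Review bot: In `nginx/Dockerfile`, the added `RUN chmod +x` is an extra layer for a file the patch already commits with mode 100755; `COPY --chmod=0755 scripts/01-configure_ssh.sh /docker-entrypoint.d/` sets the bit in the same instruction (BuildKit), and also covers build hosts that drop the mode. Moving the templates to `/templates/` only works if this script sorts before the base image's template-rendering step in `/docker-entrypoint.d`, which deserves a comment such as `# 01- prefix: must run before the image's envsubst-on-templates step`. Because the `FROM nginx` context line is untagged, the set of entrypoint scripts that ordering relies on can change between builds, so pinning a tag or digest would keep it stable. The script name says `ssh` although it selects the SSL template; `01-configure_ssl.sh` would avoid confusion when the image is audited.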
diff --git a/nginx/scripts/01-configure_ssh.sh b/nginx/scripts/01-configure_ssh.sh
new file mode 100755
index 0000000..ad7cdf7
--- /dev/null
+++ b/nginx/scripts/01-configure_ssh.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+mkdir -p /etc/nginx/templates
+
+if [ "$NGINX_SSL_ENABLED" = "true" ]; then
+ echo "Using SSL configuration"
+ cp /templates/ssl.conf.template /etc/nginx/templates/default.conf.template
+else
+ echo "Using non-SSL configuration"
+ cp /templates/nossl.conf.template /etc/nginx/templates/default.conf.template
+fi
diff --git a/nginx/templates/nossl.conf.template b/nginx/templates/nossl.conf.template
new file mode 100644
index 0000000..2933860
--- /dev/null
+++ b/nginx/templates/nossl.conf.template
@@ -0,0 +1,36 @@
+# HTTP server configuration
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ${NGINX_HOST};
+
+ location /api/ {
+ proxy_pass ${API_PROTOCOL}://${NGINX_API_HOST}:${API_PORT}/api/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /minio/ {
+ proxy_pass ${MINIO_PROTOCOL}://${NGINX_MINIO_HOST}:${MINIO_PORT_INTERNAL}/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ # Reverse proxy for the UI and default catch-all
+ location / {
+ proxy_pass ${UI_PROTOCOL}://${NGINX_UI_HOST}:${UI_PORT}/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
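Review bot: The `if` in `nginx/scripts/01-configure_ssh.sh` treats every value other than the exact string `true` as a request for plaintext, so `True`, `1`, `yes`, a typo or an unset variable silently selects `nossl.conf.template`. For a switch that turns TLS off, an unrecognised value should stop the container rather than downgrade it. The version below accepts only `true` and `false` and exits non-zero otherwise; whether a failing script in `/docker-entrypoint.d` aborts start-up depends on the base image's entrypoint and is worth confirming for the image in use.

```shell
# … unchanged: shebang, set -e, mkdir -p /etc/nginx/templates …
case "${NGINX_SSL_ENABLED:-}" in
  true)
    echo "Using SSL configuration"
    template=/templates/ssl.conf.template
    ;;
  false)
    echo "Using non-SSL configuration"
    template=/templates/nossl.conf.template
    ;;
  *)
    echo "NGINX_SSL_ENABLED must be 'true' or 'false'" >&2
    exit 1
    ;;
esac
cp "$template" /etc/nginx/templates/default.conf.template
```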
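Review bot: `nginx/templates/nossl.conf.template` proxies `/api/`, `/minio/` and the UI on port 80 without stating when that is acceptable, so credentials and object-store traffic cross this listener in cleartext whenever the template is selected. The header comment should say so, for example `# HTTP-only: local development, or behind a TLS-terminating proxy; not for direct exposure`. The three `location` blocks appear to be copies of the ones in `ssl.conf.template` (only its `/api/` block is visible in the rename hunk), so a shared include file would keep the two variants from drifting apart.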
diff --git a/nginx/templates/default.conf.template b/nginx/templates/ssl.conf.template
similarity index 91%
rename from nginx/templates/default.conf.template
rename to nginx/templates/ssl.conf.template
index 3536c34..542014a 100644
--- a/nginx/templates/default.conf.template
+++ b/nginx/templates/ssl.conf.template
@@ -19,10 +19,10 @@ server {
 ssl_certificate_key ${SSL_CERT_KEY_PATH};
 # Optional: SSL session settings and ciphers (adjust as required)
- #ssl_session_cache shared:SSL:10m;
- #ssl_session_timeout 10m;
- #ssl_ciphers HIGH:!aNULL:!MD5;
- #ssl_prefer_server_ciphers on;
+ # ssl_session_cache shared:SSL:10m;
+ # ssl_session_timeout 10m;
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
 location /api/ {
 proxy_pass ${API_PROTOCOL}://${NGINX_API_HOST}:${API_PORT}/api/;
diff --git a/ui/Dockerfile b/ui/Dockerfile
index 89c8b7f..5e89da4 100644
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -22,7 +22,7 @@ RUN \
 FROM base AS runner
 ARG PORT=3000
 ENV PORT=${PORT}
-ENV NODE_ENV=production
+ENV VITE_NODE_ENV=production
 WORKDIR /app
 COPY --chown=node --from=builder /builder /app
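Review bot: In the `ui/Dockerfile` hunk the runner stage no longer sets `NODE_ENV=production`, and nothing in the visible lines sets it elsewhere, so the Node process starts without the production setting; many frameworks key verbose error output and development-only behaviour off that variable. `VITE_`-prefixed variables are read by Vite when the bundle is built, so setting `VITE_NODE_ENV` in the runner stage, which copies the output of `builder`, probably has no effect on the shipped assets. If the new name is needed, keep both: `ENV NODE_ENV=production` and `ENV VITE_NODE_ENV=production`. The `docker-compose.yml` hunk makes the same rename for the development default, and neither change is mentioned in the commit subject.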