From ac1eceb7dda9e61a3c78fe9880c92162882d75b5 Mon Sep 17 00:00:00 2001
From: Oscar Gonzalez <oscgonfer@gmail.com>
Date: Wed, 3 Apr 2024 16:34:14 +0000
Subject: [PATCH] Allow nginx to listen with SSL on port 443

This enables strict end-to-end encryption on cloudflare.
---
 compose/web.yml                             | 5 +++--
 scripts/nginx-conf/api.smartcitizen.me.conf | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/compose/web.yml b/compose/web.yml
index 46023771..44eade00 100644
--- a/compose/web.yml
+++ b/compose/web.yml
@@ -6,7 +6,8 @@ services:
     ports:
       - 80:80
       - 80:80/udp
-      #- 443:443
+      - 443:443
     volumes:
       - ../scripts/nginx-conf/api.smartcitizen.me.conf:/etc/nginx/conf.d/api.smartcitizen.me.conf
-      - ../scripts/nginx.conf:/etc/nginx/nginx.conf
\ No newline at end of file
+      - ../scripts/nginx.conf:/etc/nginx/nginx.conf
+      - ../scripts/certs:/etc/ssl:ro
diff --git a/scripts/nginx-conf/api.smartcitizen.me.conf b/scripts/nginx-conf/api.smartcitizen.me.conf
index f46d6737..695f8486 100644
--- a/scripts/nginx-conf/api.smartcitizen.me.conf
+++ b/scripts/nginx-conf/api.smartcitizen.me.conf
@@ -77,6 +77,11 @@ server {
   listen   80;
   listen   [::]:80;
 
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  ssl_certificate    /etc/ssl/star_smartcitizen_me.pem;
+  ssl_certificate_key    /etc/ssl/star_smartcitizen_me.key;
+
   try_files $uri/index.html $uri @app;
 
   location @app {