From 9eb3c33485754ba40dac2078b0d42a20ce90eb95 Mon Sep 17 00:00:00 2001
From: Maximilian Walzer
Date: Wed, 17 Dec 2025 09:08:17 +0100
Subject: [PATCH] HTTPS Setup mit Docker, Nginx und Let's Encrypt
---
Dockerfile => app/Dockerfile | 0
index.html => app/index.html | 0
docker-compose.yaml | 35 +++++++++++++++++++++++++++++++++++
nginx/default.conf | 37 +++++++++++++++++++++++++++++++++++++
4 files changed, 72 insertions(+)
rename Dockerfile => app/Dockerfile (100%)
rename index.html => app/index.html (100%)
create mode 100644 docker-compose.yaml
create mode 100644 nginx/default.conf
diff --git a/Dockerfile b/app/Dockerfile
similarity index 100%
rename from Dockerfile
rename to app/Dockerfile
diff --git a/index.html b/app/index.html
similarity index 100%
rename from index.html
rename to app/index.html
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..d9f6ada
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,35 @@
+
+version: "3.8"
+
+services:
+ app:
+ build: ./app
+ volumes:
+ - ./app:/usr/share/nginx/html
+ expose:
+ - "80"
+
+ nginx:
+ image: nginx:alpine
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+ - ./certbot/www:/var/www/certbot
+ - ./certbot/conf:/etc/letsencrypt
+ depends_on:
+ - app
+ restart: always
+
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - ./certbot/www:/var/www/certbot
+ - ./certbot/conf:/etc/letsencrypt
+ entrypoint: >
+ sh -c "trap exit TERM;
+ while :; do
+ certbot renew;
+ sleep 12h & wait $${!};
+ done"
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 0000000..d0086d9
--- /dev/null
+++ b/nginx/default.conf
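Review bot: In docker-compose.yaml the nginx service mounts `./certbot/conf:/etc/letsencrypt` read-write although it only needs to read the certificate and private key; `- ./certbot/conf:/etc/letsencrypt:ro` (and `:ro` on the `default.conf` and `./certbot/www` mounts) keeps a compromised proxy from altering key material or the ACME account data. The certbot loop runs `certbot renew`, but nothing visible in this file reloads nginx, so a renewed certificate is presumably not served until the container restarts; a periodic `nginx -s reload` in the nginx service would close that gap. The `./app:/usr/share/nginx/html` bind mount also places `app/Dockerfile` under what looks like the web root, and `nginx:alpine` and `certbot/certbot` are unpinned tags, so each pull can bring in a different image.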
@@ -0,0 +1,37 @@
+
+# HTTP → HTTPS Redirect + ACME Challenge
+server {
+ listen 80;
+ server_name sanke.s-martika.com;
+
+ # ACME Challenge für Let's Encrypt
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ # Alle anderen HTTP-Anfragen auf HTTPS umleiten
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# HTTPS Server
+server {
+ listen 443 ssl http2;
+ server_name example.com;
+
+ # Pfad zu den Zertifikaten
+ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ # Weiterleitung an den App-Container
+ location / {
+ proxy_pass http://app:80;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+}
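Review bot: The HTTPS server block still carries the placeholder `example.com` in `server_name` and in both certificate paths, while the port-80 block that serves the ACME challenge is for `sanke.s-martika.com`. certbot normally stores a certificate under `live/<certificate name>/`, so these paths would likely not exist and nginx would refuse to start; the three lines should read `server_name sanke.s-martika.com;`, `ssl_certificate /etc/letsencrypt/live/sanke.s-martika.com/fullchain.pem;` and the matching `privkey.pem` path (confirm the directory name on the host). In the port-80 block, `return 301 https://$host$request_uri;` echoes the client-supplied Host header, since this is the only server on that port and therefore the default; `return 301 https://$server_name$request_uri;` pins the redirect target. The 443 block also sets no `Strict-Transport-Security` header, so a first request over plain HTTP stays open to downgrade.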