fix: temporarily add back self-signed prod cert

Dragory · Dragory · commit ce778d69c3c3 · 2025-05-31T21:14:38.000Z
diff --git a/docker/production/nginx/Dockerfile b/docker/production/nginx/Dockerfile
@@ -1,3 +1,6 @@
 FROM nginx
 
+RUN apt-get update && apt-get install -y openssl
+RUN openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/localhost-cert.key -out /etc/ssl/certs/localhost-cert.pem -days 3650 -subj '/CN=localhost' -nodes
+
 COPY ./docker/production/nginx/default.conf /etc/nginx/conf.d/default.conf
diff --git a/docker/production/nginx/default.conf b/docker/production/nginx/default.conf
@@ -1,5 +1,6 @@
 server {
-  listen 80 default_server;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
   server_name _;
 
   # Using a variable here stops nginx from crashing if the dev container is restarted or becomes otherwise unavailable
@@ -20,4 +21,14 @@ server {
 
     client_max_body_size 200M;
   }
+
+  ssl_certificate /etc/ssl/certs/localhost-cert.pem;
+  ssl_certificate_key /etc/ssl/private/localhost-cert.key;
+
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:MozSSL:10m;
+  ssl_session_tickets off;
+
+  ssl_protocols TLSv1.3;
+  ssl_prefer_server_ciphers off;
 }
