From 33e1c00b48c4754e4fc59bac1bcbee628104c78b Mon Sep 17 00:00:00 2001
From: Liam Keegan <liam@keegan.ch>
Date: Mon, 13 Jan 2025 14:35:37 +0100
Subject: [PATCH] update frontend nginx.conf to allow certbot to renew SSL
 certificates using port 80

---
 frontend/nginx.conf | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 6ef2be1..c766267 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -1,7 +1,31 @@
+server {
+    # allow certbot to renew SSL certificates using port 80
+    listen 80;
+    listen [::]:80;
+
+    server_name circuitseq.iwr.uni-heidelberg.de;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # forward anything else to https://circuitseq.iwr.uni-heidelberg.de
+    location / {
+        return 301 https://circuitseq.iwr.uni-heidelberg.de$request_uri;
+    }
+}
+
+server {
+    # redirect www.circuitseq.iwr.uni-heidelberg.de to circuitseq.iwr.uni-heidelberg.de
+    server_name www.circuitseq.iwr.uni-heidelberg.de;
+    return 301 $scheme://circuitseq.iwr.uni-heidelberg.de$request_uri;
+}
+
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
-   server_name www.circuitseq.iwr.uni-heidelberg.de circuitseq.iwr.uni-heidelberg.de localhost;
+   server_name www.circuitseq.iwr.uni-heidelberg.de circuitseq.iwr.uni-heidelberg.de;
         ssl_certificate      /sample_flow_ssl_cert.pem;
         ssl_certificate_key  /sample_flow_ssl_key.pem;