From 123a0131ed866e5bb7501a3933230a447cf6f74c Mon Sep 17 00:00:00 2001
From: Gilmar Pereira
Date: Thu, 26 Jun 2025 12:31:01 -0300
Subject: [PATCH] update: ssl certs, envs, log proxying
---
 22-nginx/Dockerfile | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/22-nginx/Dockerfile b/22-nginx/Dockerfile
index 4b10bf9..68ac34e 100644
--- a/22-nginx/Dockerfile
+++ b/22-nginx/Dockerfile
@@ -1,9 +1,35 @@
 # Use the base image
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+ apt-get install -y openssl && \
+ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+ openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+ rm server.pass.key && \
+ openssl req -new -key _.localhost.key -out server.csr \
+ -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+ openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+ openssl x509 -in _.localhost.crt -out _.localhost.pem
+
 FROM kooldev/node:22
 
-RUN apk add --no-cache nginx
+ENV NGINX_LISTEN=80 \
+ NGINX_HTTPS=false \
+ NGINX_LISTEN_HTTPS=443 \
+ NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+ NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+ NGINX_ROOT=/app/public \
+ NGINX_CLIENT_MAX_BODY_SIZE=25M
 
-RUN mkdir -p /etc/nginx/conf.d \
+RUN apk add --no-cache nginx \
+ && chown -R kool:kool /var/lib/nginx \
+ && chmod 770 /var/lib/nginx/tmp \
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log \
+ # add h5bp/server-configs-nginx
+ && mkdir -p /etc/nginx/conf.d \
 && mkdir /etc/nginx/h5bp \
 && cd /etc/nginx/h5bp \
 && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
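Review bot: The private key generated in the `cert` stage is copied into the final image by the `COPY --from=cert` at the end of the patch, so every copy of a published image carries the same key, and the certificate stops being valid 365 days after the image was built. That is acceptable only as the `*.localhost` development default, and the stage should say so, e.g. `# Self-signed *.localhost pair for local development only: the key ships in the image and is not secret; supply your own via NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY otherwise.` The stage's base is also unpinned: `FROM debian AS cert` resolves to whatever `latest` points at on build day, so a tag such as `FROM debian:bookworm-slim AS cert` (or a digest) would keep the build reproducible. The second RUN instruction continues past the end of this hunk.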
@@ -11,3 +37,8 @@ RUN mkdir -p /etc/nginx/conf.d \
 && rm -f h5bp.tgz \
 && mv server-configs-nginx-*/h5bp/* . \
 && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+ && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+ && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+ && rm -rf server-configs-nginx-*
+
+COPY --from=cert /kool/ssl /kool/ssl
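Review bot: `nginx.conf` and the newly added `mime.types` are installed from the tarball that the `wget` earlier in this RUN (end of the previous hunk) downloads without any integrity check, so the server configuration depends on whatever that tag archive serves at build time. A digest check before extraction would pin it, e.g. `&& echo "<expected-sha256>  h5bp.tgz" | sha256sum -c - \` right after the `wget` line, with the placeholder replaced by the digest of the reviewed 3.3.0 archive. The RUN instruction starts above this hunk and the extraction step is not visible in it. Separately, the `sed` rewrite of the `user` directive does nothing, silently, if upstream's `nginx.conf` has no line starting with `user `; following it with `&& grep -q '^user kool kool;' /etc/nginx/nginx.conf \` would make the build fail instead.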