From 9e509500f6fe9b8fdd2f9814601d6da1a6bef694 Mon Sep 17 00:00:00 2001 From: Tim Cowlishaw Date: Wed, 3 Apr 2024 18:47:57 +0200 Subject: [PATCH] Enable SSL with cloudflare origin cert on all hosts --- compose/web.yml | 1 + scripts/nginx-conf/api.smartcitizen.me.conf | 26 ++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/compose/web.yml b/compose/web.yml index 44eade00..87de4ea7 100644 --- a/compose/web.yml +++ b/compose/web.yml @@ -7,6 +7,7 @@ services: - 80:80 - 80:80/udp - 443:443 + - 443:443/udp volumes: - ../scripts/nginx-conf/api.smartcitizen.me.conf:/etc/nginx/conf.d/api.smartcitizen.me.conf - ../scripts/nginx.conf:/etc/nginx/nginx.conf diff --git a/scripts/nginx-conf/api.smartcitizen.me.conf b/scripts/nginx-conf/api.smartcitizen.me.conf index 695f8486..c990cb64 100644 --- a/scripts/nginx-conf/api.smartcitizen.me.conf +++ b/scripts/nginx-conf/api.smartcitizen.me.conf @@ -3,7 +3,15 @@ upstream docker-push { } server { + listen 80; + listen [::]:80; + + listen 443 ssl; + listen [::]:443 ssl; + ssl_certificate /etc/ssl/star_smartcitizen_me.pem; + ssl_certificate_key /etc/ssl/star_smartcitizen_me.key; + server_name staging-ws.smartcitizen.me ws.smartcitizen.me; location / { @@ -17,7 +25,14 @@ server { server { server_name kairos.smartcitizen.me staging-kairos.smartcitizen.me; + listen 80; + listen [::]:80; + + listen 443 ssl; + listen [::]:443 ssl; + ssl_certificate /etc/ssl/star_smartcitizen_me.pem; + ssl_certificate_key /etc/ssl/star_smartcitizen_me.key; location / { proxy_pass http://kairos:8080; @@ -32,6 +47,11 @@ server { listen 80; listen [::]:80; + + listen 443 ssl; + listen [::]:443 ssl; + ssl_certificate /etc/ssl/star_smartcitizen_me.pem; + ssl_certificate_key /etc/ssl/star_smartcitizen_me.key; try_files $uri/index.html $uri @app; 
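Review bot: The added `- 443:443/udp` mapping publishes UDP 443 on the host, but every listener this commit adds to api.smartcitizen.me.conf is `listen 443 ssl;`, which is TCP, so as far as the diff shows nothing in the container answers on that port. Unless nginx.conf or another file enables HTTP/3, I would drop the line and keep the published surface to what is actually served. The new server blocks read `/etc/ssl/star_smartcitizen_me.pem` and `/etc/ssl/star_smartcitizen_me.key`. The volumes list continues past this hunk, so please confirm both files are mounted read-only (`:ro`) and that the key is kept out of the repository.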
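Review bot: Each server block touched here has `listen 80;` next to `listen 443 ssl;` and nothing in the hunk redirects to HTTPS, so every host still answers in clear text; the same applies to the blocks at `@@ -17,7 +25,14 @@` and `@@ -32,6 +47,11 @@`. If plain HTTP is not needed, the port-80 listeners could move to a separate server block that answers `return 301 https://$host$request_uri;`. If devices must keep posting over HTTP, a comment above the `listen 80;` lines should say so. An origin certificate does not by itself stop clients from connecting to the origin directly, so consider Cloudflare Authenticated Origin Pulls (`ssl_client_certificate` plus `ssl_verify_client on;`) or a firewall rule limiting 443 to the proxy's address ranges. The server blocks start or end outside these hunks.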
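Review bot: The four TLS lines (`listen 443 ssl;`, `listen [::]:443 ssl;`, `ssl_certificate`, `ssl_certificate_key`) are pasted into every server block, and in this block at `@@ -17,7 +25,14 @@` they follow `server_name` while in the previous hunk they precede it. Putting them in one file pulled in with `include` would keep certificate rotation to a single edit and the blocks consistent. That file is also the natural place for an explicit `ssl_protocols TLSv1.2 TLSv1.3;`, which this diff does not set anywhere. nginx.conf is mounted but not shown, so it may already be set there.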
@@ -74,9 +94,9 @@ server { server { server_name api.smartcitizen.me data.smartcitizen.me staging-api.smartcitizen.me staging-data.smartcitizen.me new-api.smartcitizen.me; - listen 80; - listen [::]:80; - + listen 80; + listen [::]:80; + listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/ssl/star_smartcitizen_me.pem;