From 9542b2e5f73c9c1a2ad38c47de95b0abc2949694 Mon Sep 17 00:00:00 2001
From: virusdefender <virusdefender@outlook.com>
Date: Sat, 16 Dec 2017 01:38:44 +0800
Subject: [PATCH 1/2] use env to force https

---
 deploy/nginx/https_redirect.conf             | 3 +++
 deploy/nginx/{common.conf => locations.conf} | 0
 deploy/nginx/nginx.conf                      | 4 ++--
 deploy/run.sh                                | 8 ++++++++
 4 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 deploy/nginx/https_redirect.conf
 rename deploy/nginx/{common.conf => locations.conf} (100%)
 mode change 100644 => 100755 deploy/run.sh

diff --git a/deploy/nginx/https_redirect.conf b/deploy/nginx/https_redirect.conf
new file mode 100644
index 0000000..71eb6c0
--- /dev/null
+++ b/deploy/nginx/https_redirect.conf
@@ -0,0 +1,3 @@
+location / {
+    return 301 https://$host$request_uri;
+}
\ No newline at end of file
diff --git a/deploy/nginx/common.conf b/deploy/nginx/locations.conf
similarity index 100%
rename from deploy/nginx/common.conf
rename to deploy/nginx/locations.conf
diff --git a/deploy/nginx/nginx.conf b/deploy/nginx/nginx.conf
index 01f7ae7..cdf8fe1 100644
--- a/deploy/nginx/nginx.conf
+++ b/deploy/nginx/nginx.conf
@@ -36,7 +36,7 @@ http {
         listen 8000 default_server;
         server_name _;
 
-        include common.conf;
+        include http_locations.conf;
     }
 
     server {
@@ -49,7 +49,7 @@ http {
         ssl_prefer_server_ciphers on;
         ssl_session_cache shared:SSL:10m;
 
-        include common.conf;
+        include https_locations.conf;
     }
 
 }
diff --git a/deploy/run.sh b/deploy/run.sh
old mode 100644
new mode 100755
index 12f2db2..271e2fc
--- a/deploy/run.sh
+++ b/deploy/run.sh
@@ -23,6 +23,14 @@ if [ ! -f "$SSL/server.key" ]; then
         -subj "/C=CN/ST=Beijing/L=Beijing/O=Beijing OnlineJudge Technology Co., Ltd./OU=Service Infrastructure Department/CN=`hostname`" -nodes
 fi
 
+cd $APP/deploy/nginx
+ln -sf locations.conf https_locations.conf
+if [ -z "$FORCE_HTTPS" ]; then
+    ln -sf locations.conf http_locations.conf
+else
+    ln -sf https_redirect.conf http_locations.conf
+fi
+
 cd $APP
 
 n=0

From 2f76a465000d288c06161aaa6c5b16ffb5bb9d3b Mon Sep 17 00:00:00 2001
From: virusdefender <virusdefender@outlook.com>
Date: Sat, 16 Dec 2017 01:53:59 +0800
Subject: [PATCH 2/2] add ssl helper

---
 deploy/nginx/locations.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deploy/nginx/locations.conf b/deploy/nginx/locations.conf
index 8d26d08..1732c7e 100644
--- a/deploy/nginx/locations.conf
+++ b/deploy/nginx/locations.conf
@@ -19,6 +19,10 @@ location /admin {
     try_files $uri $uri/ /index.html =404;
 }
 
+location /.well-known {
+    alias /data/ssl/.well-known;
+}
+
 location / {
     root /app/dist;
     try_files $uri $uri/ /index.html =404;