From fb49faf54f83cc22908e8264f91f260efc4b7ccd Mon Sep 17 00:00:00 2001 From: Sarah Wiechers Date: Tue, 18 Apr 2023 11:10:24 +0200 Subject: [PATCH] Revert "Added certbot for SSL certificate support" This reverts commit 9fe0a8bf9e0d028e2a7d55da5c07b56850f34b18. --- .env-example | 1 - docker-compose.yml | 12 -------- nginx.conf | 75 ++++++++++++++++++++-------------------------- web.Dockerfile | 9 +----- 4 files changed, 34 insertions(+), 63 deletions(-) diff --git a/.env-example b/.env-example index 37b6dd71..283d79d5 100644 --- a/.env-example +++ b/.env-example @@ -8,7 +8,6 @@ PROJECT_DOMAIN=example.org # Only change the port if your project has a specific need for this PORT=80 -SSL_PORT=443 ## Rails configuration diff --git a/docker-compose.yml b/docker-compose.yml index 7dd743ee..1f7a1f88 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -58,26 +58,14 @@ services: PROJECT_DOMAIN: ${PROJECT_DOMAIN} PORT: ${PORT} PUMA_PORT: ${PUMA_PORT} - SSL_PORT: ${SSL_PORT} - RAILS_ENV: ${RAILS_ENV} depends_on: - app env_file: - .env ports: - ${PORT}:${PORT} - - ${SSL_PORT}:${SSL_PORT} - volumes: - - ./certbot/www:/var/www/certbot/:ro - - ./certbot/conf/:/etc/nginx/ssl/:ro restart: always - certbot: - image: certbot/certbot:latest - volumes: - - ./certbot/www/:/var/www/certbot/:rw - - ./certbot/conf/:/etc/letsencrypt/:rw - mail: image: boky/postfix:latest environment: diff --git a/nginx.conf b/nginx.conf index b8736eb8..8f26dda2 100644 --- a/nginx.conf +++ b/nginx.conf 
@@ -3,56 +3,47 @@ upstream rails_app { } server { - server_name $PROJECT_DOMAIN; + server_name $PROJECT_DOMAIN; - include /etc/nginx/conf.d/ssl*; + root $RAILS_ROOT/public; + index index.html; - root $RAILS_ROOT/public; - index index.html; + client_max_body_size 1G; - client_max_body_size 1G; + access_log $RAILS_ROOT/log/nginx.access.log; + error_log $RAILS_ROOT/log/nginx.error.log; - access_log $RAILS_ROOT/log/nginx.access.log; - error_log $RAILS_ROOT/log/nginx.error.log; - - # serve static (compiled) assets directly if they exist (for rails production) - location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ { - try_files $uri @rails; - access_log off; - gzip_static on; - # to serve pre-gzipped version - expires max; - add_header Cache-Control public; + # deny requests for files that should never be accessed + location ~ /\. { + deny all; + } + location ~* ^.+\.(rb|log)$ { + deny all; + } - add_header Last-Modified ""; - add_header ETag ""; - break; - } + # serve static (compiled) assets directly if they exist (for rails production) + location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ { + try_files $uri @rails; + access_log off; + gzip_static on; + # to serve pre-gzipped version + expires max; + add_header Cache-Control public; + + add_header Last-Modified ""; + add_header ETag ""; + break; + } # send non-static file requests to the app server location / { try_files $uri @rails; } - - location @rails { - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_pass http://rails_app; - } -} - -server { - listen $PORT; - server_name $PROJECT_DOMAIN; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - return 301 https://$host$request_uri; - } + location @rails { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://rails_app; + } } diff --git a/web.Dockerfile b/web.Dockerfile index dcadabab..53d6a2dc 100644 --- a/web.Dockerfile +++ b/web.Dockerfile @@ -4,10 +4,7 @@ RUN apt-get update -qq && apt-get -y install apache2-utils ENV RAILS_ROOT /var/www/barkeeper ARG PROJECT_DOMAIN -ARG PORT -ARG SSL_PORT ARG PUMA_PORT -ARG RAILS_ENV WORKDIR $RAILS_ROOT @@ -15,12 +12,8 @@ RUN mkdir log COPY public public/ COPY nginx.conf /tmp/docker.nginx - -COPY ssl /tmp/docker.ssl -RUN envsubst '${RAILS_ROOT} ${PROJECT_DOMAIN} ${PUMA_PORT} ${PORT}' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf -RUN if [ "$RAILS_ENV" = "production" ]; then envsubst '${PROJECT_DOMAIN} ${SSL_PORT}' < /tmp/docker.ssl > /etc/nginx/conf.d/ssl; fi +RUN envsubst '${RAILS_ROOT} ${PROJECT_DOMAIN} ${PUMA_PORT}' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf EXPOSE ${PORT} -EXPOSE ${SSL_PORT} CMD [ "nginx", "-g", "daemon off;" ]
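Review bot: The restored `@rails` location sends no `X-Forwarded-Proto` header, and with the `ssl*` include and the 301 redirect block removed, nothing visible in this file terminates TLS, so Rails will treat every request as plain HTTP. If TLS is terminated by a proxy in front of this container (not visible here), the original scheme should still reach Rails so that secure cookies and https URL generation keep working, for example `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;`, and only if that proxy always overwrites the header itself. Separately, `proxy_set_header Host $http_host;` forwards the client-supplied Host unchanged, and this appears to be the only server block left in the file, so it will answer for any host name. A catch-all such as `server { listen 80 default_server; return 444; }`, or host checking in the app, would limit that.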
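Review bot: `EXPOSE ${PORT}` stays in the second web.Dockerfile hunk although `ARG PORT` is removed in the first one, so unless the base image defines PORT (not visible here) the variable is empty at build time. The envsubst list also drops `${PORT}`, and the restored server block in nginx.conf shows no `listen` directive, so nginx would bind its default port while docker-compose.yml still publishes `${PORT}:${PORT}`. A PORT value in .env that differs from nginx's default would then publish a port nothing listens on. Either keep `ARG PORT`, add `listen ${PORT};` to the server block and `${PORT}` to the envsubst list, or fix the port to one value everywhere.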