manual ssl handler edit

docker-compose.yml

@@ -5,22 +5,15 @@ services:
     restart: unless-stopped
 
   nginx:
-    image: jonasal/nginx-certbot:latest
+    image: nginx:alpine  # Switch to plain Nginx (no Certbot)
     container_name: demo-nginx
     restart: unless-stopped
     ports:
       - 8008:80
       - 4433:443
-    environment:
-      - CERTBOT_EMAIL=the.dark.mist23@gmail.com
-      - ENVSUBST_TEMPLATE_SUFFIX=.tmpl  # Enables template processing if needed
     volumes:
       - ./nginx_user_conf.d:/etc/nginx/conf.d/
-      - letsencrypt:/etc/letsencrypt
+      - /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro  # Mount cert
-      - /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/origin_cert.pem:ro  # Mount cert
+      - /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/privkey.pem:ro  # Mount key
-      - /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/origin_key.key:ro  # Mount key
     depends_on:
       - app
-
-volumes:
-  letsencrypt:

nginx_user_conf.d/server.conf

@@ -1,9 +1,23 @@
 server {
     listen 80;
+    server_name demo.networkwizard.xyz;
+
+    # Optional: Redirect HTTP to HTTPS (access via external port 8008 redirects to 4433)
+    location / {
+        return 301 https://$host:4433$request_uri;
+    }
+}
+
+server {
     listen 443 ssl;
     server_name demo.networkwizard.xyz;
 
-    # SSL config handled by the container image
+    ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+    # Optional: Enhance security
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
 
     location / {
         proxy_pass http://app:5000;
@@ -12,6 +26,4 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-
-    # Redirect HTTP to HTTPS (handled automatically by the image after certs are obtained)
 }