multiple configs depending on wether or not we have cert

html/css/styles.css

@@ -1,13 +1,11 @@
-html {
-    height: 100%;
-    margin: 0;
-}
-
 body {
-    font-family: "Times New Roman", Times, serif;
+    height: 100%;
-    display: flexbox;
+    width: 100%;
+    margin: 1vw;
 
     background-image: linear-gradient(to bottom, aqua, blue);
+    font-family: "Times New Roman", Times, serif;
+    display: flexbox;
 
     /*background-image: url("../img/background.png");
     background-size: cover;*/
@@ -23,3 +21,13 @@ h3,
 h4 {
     color: black;
 }
+
+.container {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    height: 100%;
+    width: 100%;
+    background-color: beige;
+}

html/index.html

@@ -13,6 +13,7 @@
         <link rel="stylesheet" href="css/styles.css" />
     </head>
     <body>
+        <div class="container">
             <h1> Welcome </h1>
 
             <h2> whoami?</h2>
@@ -29,5 +30,7 @@
             <a href="shrines/evangelion.html">Evangelion</a>
             <a href="shrines/skipskipbenben.html">Skip skip ben ben</a>
             <a href="shrines/gto.html">GTO</a>
+
+        </div>
     </body>
 </html>

nginx/Dockerfile

@@ -3,11 +3,17 @@ FROM nginx:latest
 
 # Copy template config
 COPY nginx.conf.template /etc/nginx/nginx.conf.template
+COPY nginx_setup.conf.template /etc/nginx/nginx_setup.conf.template
+
+COPY entrypoint.sh /entrypoint.sh
 
 # Update package list and install gettext-base
 RUN apt-get update && apt-get install -y gettext-base
 
 # Replace variables at build time
 ENV BACKEND_HOST=backend
+ENV DOMAIN=example.com
+ENV CERT_PATH=/etc/letsencrypt/live/$DOMAIN
 
-CMD /bin/sh -c "envsubst '\$BACKEND_HOST' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && nginx -g 'daemon off;'"
+
+ENTRYPOINT ["/entrypoint.sh"]

nginx/entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+# Check if certificate exists
+if [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then
+    echo "Certificates found. Using production nginx config."
+    envsubst '$BACKEND_HOST $DOMAIN' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+else
+    echo "Certificates NOT found. Using setup nginx config."
+    envsubst '$BACKEND_HOST $DOMAIN' < /etc/nginx/nginx_setup.conf.template > /etc/nginx/nginx.conf
+fi
+
+# Start nginx
+nginx -g 'daemon off;'

nginx/nginx.conf.template

@@ -11,7 +11,7 @@ http {
 
     server {
         listen 80;
-        server_name adam-french.co.uk www.adam-french.co.uk;
+        server_name $DOMAIN www.$DOMAIN;
 
         # Allow Certbot to access the ACME challenge
         location /.well-known/acme-challenge/ {
@@ -28,13 +28,13 @@ http {
 	server {
 		listen 443 ssl;
 		http2 on;
-        server_name adam-french.co.uk www.adam-french.co.uk;
+        server_name $DOMAIN www.$DOMAIN;
 
         root /etc/nginx/html;
         index index.html;
 
-		ssl_certificate /etc/letsencrypt/live/adam-french.co.uk/fullchain.pem;
+		ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
-		ssl_certificate_key /etc/letsencrypt/live/adam-french.co.uk/privkey.pem;
+		ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
 
         location / {
             try_files $uri $uri/ =404;

nginx/nginx_setup.conf.template

@@ -0,0 +1,23 @@
+events {
+    worker_connections 1024;  # required, can be minimal
+}
+
+http {
+    server_tokens off;
+    charset utf-8;
+
+    server {
+        listen 80;
+        server_name $DOMAIN www.$DOMAIN;
+
+        # Only allow Certbot ACME challenge access
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+
+        # All other requests should return 404
+        location / {
+            return 404;
+        }
+    }
+}