From d48d0b8c476b0236d6f15f11567e04e34b8e2bfe Mon Sep 17 00:00:00 2001
From: Risto Helinko
Date: Fri, 6 Nov 2020 12:17:06 +0200
Subject: [PATCH 1/6] Add certs to .gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index fb58dee..4eb70ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 .env
 data
+proxy/ssl/misp.crt
+proxy/ssl/misp.key
From 1c92f43fd2f2a66cc6ff54a2a35f8573e38f99be Mon Sep 17 00:00:00 2001
From: Risto Helinko
Date: Fri, 6 Nov 2020 12:18:05 +0200
Subject: [PATCH 2/6] Use port 443 instead of 4443
---
 docker-compose-nginx.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose-nginx.yml b/docker-compose-nginx.yml
index ddc8394..2eb6e63 100644
--- a/docker-compose-nginx.yml
+++ b/docker-compose-nginx.yml
@@ -9,7 +9,7 @@ services:
 image: misp-proxy:latest
 ports:
 - 80:80
- - 4443:443
+ - 443:443
 web:
 build: web
From fae0b276b3dd014bd1ec2c59357c7af3d63ad5ed Mon Sep 17 00:00:00 2001
From: Risto Helinko
Date: Fri, 6 Nov 2020 12:18:59 +0200
Subject: [PATCH 3/6] Bump nginx 1.9->1.18
---
 proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/Dockerfile b/proxy/Dockerfile
index 39e6962..cb39c62 100644
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.9
+FROM nginx:1.18
 # default conf for proxy service
 COPY ./default.conf /etc/nginx/conf.d/default.conf
From 580ec9f6d3c9a017a2d081d401d7c7da6462a814 Mon Sep 17 00:00:00 2001
From: Risto Helinko
Date: Fri, 6 Nov 2020 12:19:54 +0200
Subject: [PATCH 4/6] Explicit redirect to https instead of rewrite rule
---
 proxy/default.conf | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/proxy/default.conf b/proxy/default.conf
index 2c4c753..82e0a3b 100644
--- a/proxy/default.conf
+++ b/proxy/default.conf
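Review bot: The two entries added to `.gitignore` in patch 1/6 match only the exact names `proxy/ssl/misp.crt` and `proxy/ssl/misp.key`, so a private key saved under `proxy/ssl/` with any other file name can still be committed; the patterns `proxy/ssl/*.key` and `proxy/ssl/*.crt` would cover the whole directory. An ignore rule also does not untrack a file that is already in the index, and it does not keep the key out of the Docker build context, which is the `proxy` directory (`context: proxy` in docker-compose-nginx.yml). Whether a key was committed earlier is not visible from this patch; if one was, it stays in history and the key pair should be replaced.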
@@ -1,13 +1,15 @@ -# web service1 config. server { listen 80; - listen 443 ssl http2; - server_name web; + listen [::]:80; + server_name localhost; + return 301 https://$server_name$request_uri; +} +# web service1 config. +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + server_name localhost; - if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; - } - # Path for SSL config/key/certificate ssl_certificate /etc/ssl/certs/nginx/misp.crt; ssl_certificate_key /etc/ssl/certs/nginx/misp.key; From b086a7a40db3f2dc0359480ddf5ba61e1f9c971c Mon Sep 17 00:00:00 2001 From: Risto Helinko Date: Fri, 6 Nov 2020 12:21:37 +0200 Subject: [PATCH 5/6] Remove default block from nginx config --- proxy/Dockerfile | 3 --- proxy/backend-not-found.html | 6 ------ proxy/default.conf | 25 ++----------------------- 3 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 proxy/backend-not-found.html diff --git a/proxy/Dockerfile b/proxy/Dockerfile index cb39c62..60aad83 100644 --- a/proxy/Dockerfile +++ b/proxy/Dockerfile @@ -3,9 +3,6 @@ FROM nginx:1.18 # default conf for proxy service COPY ./default.conf /etc/nginx/conf.d/default.conf -# NOT FOUND response -COPY ./backend-not-found.html /var/www/html/backend-not-found.html - # Proxy and SSL configurations COPY ./includes/ /etc/nginx/includes/ diff --git a/proxy/backend-not-found.html b/proxy/backend-not-found.html deleted file mode 100644 index bebb95c..0000000 --- a/proxy/backend-not-found.html +++ /dev/null @@ -1,6 +0,0 @@ - -Proxy Backend Not Found - -
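Review bot: In the new port-80 server block of `proxy/default.conf` (patch 4/6), `return 301 https://$server_name$request_uri;` together with `server_name localhost;` redirects every plain-HTTP client to `https://localhost/...`, which is only the right target for a browser running on the Docker host itself. The removed rewrite used `$host`, which kept the name the client had asked for. Setting `server_name` in both blocks to the deployment's real hostname (placeholder: `server_name misp.example.org;`) fixes the redirect and keeps its target constant rather than echoing a client-supplied Host header. The 443 block is now marked `default_server`, so a request carrying any Host header is handled by it and, presumably, proxied to the backend; the rest of that block lies outside the hunk, so confirm that the application checks the host name it is given.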

Proxy Backend Not Found

-
-
diff --git a/proxy/default.conf b/proxy/default.conf
index 82e0a3b..8a0f3f8 100644
--- a/proxy/default.conf
+++ b/proxy/default.conf
@@ -1,10 +1,11 @@
+# plain http redirect to https
 server {
 listen 80;
 listen [::]:80;
 server_name localhost;
 return 301 https://$server_name$request_uri;
 }
-# web service1 config.
+# main server, reverse proxy to 'web' container
 server {
 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
@@ -23,25 +24,3 @@ server {
 access_log off;
 error_log /var/log/nginx/error.log error;
 }
-
-# Default
-server {
- listen 80 default_server;
-
- server_name _;
- root /var/www/html;
-
- charset UTF-8;
-
- error_page 404 /backend-not-found.html;
- location = /backend-not-found.html {
- allow all;
- }
- location / {
- return 404;
- }
-
- access_log off;
- log_not_found off;
- error_log /var/log/nginx/error.log error;
-}
From adba99897262716897588bdd182f0aa9b075d583 Mon Sep 17 00:00:00 2001
From: Risto Helinko
Date: Mon, 9 Nov 2020 19:25:33 +0200
Subject: [PATCH 6/6] Rename proxy container to prevent clashes
---
 docker-compose-nginx.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose-nginx.yml b/docker-compose-nginx.yml
index 2eb6e63..c5fcfc9 100644
--- a/docker-compose-nginx.yml
+++ b/docker-compose-nginx.yml
@@ -4,7 +4,7 @@ services:
 proxy:
 build:
 context: proxy
- container_name: proxy
+ container_name: misp_proxy
 restart: unless-stopped
 image: misp-proxy:latest
 ports: