From 41612f5d39276bf1d0ac9d910d66ebb105102c68 Mon Sep 17 00:00:00 2001
From: Georges-Leonard Prunet <gprunet@f6r10s16.clusters.42paris.fr>
Date: Tue, 31 Mar 2026 14:21:11 +0200
Subject: [PATCH] https + volume

---
 Transcendence/docker-compose.yml       |  7 +++----
 Transcendence/srcs/backend/dockerfile  |  8 ++++++++
 Transcendence/srcs/backend/index.js    |  9 +++++++--
 Transcendence/srcs/frontend/dockerfile |  2 +-
 Transcendence/srcs/frontend/nginx.conf | 17 ++++++++---------
 5 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/Transcendence/docker-compose.yml b/Transcendence/docker-compose.yml
index 7c8f152..1d3c936 100644
--- a/Transcendence/docker-compose.yml
+++ b/Transcendence/docker-compose.yml
@@ -1,5 +1,5 @@
 volumes:
-  data:
+  pgdata:
 
 networks:
   transcendence:
@@ -12,7 +12,7 @@ services:
     ports:
       - "5432:5432"
     volumes:
-      - data:/var/lib/postgresql/data/pg15/
+      - pgdata:/var/lib/postgresql
     env_file:
       - ../.env
     networks:
@@ -38,8 +38,7 @@ services:
     container_name: frontend
     build: ./srcs/frontend/
     ports:
-      - "8080:8080"
-      - "8443:8443"
+      - "8443:443"
     depends_on:
       - backend
     networks:
diff --git a/Transcendence/srcs/backend/dockerfile b/Transcendence/srcs/backend/dockerfile
index 8b7f0e6..52d525a 100644
--- a/Transcendence/srcs/backend/dockerfile
+++ b/Transcendence/srcs/backend/dockerfile
@@ -1,5 +1,13 @@
 FROM node:20-alpine
 
+RUN apk add --no-cache openssl
+RUN mkdir -p /etc/backend/.ssl
+RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+	-keyout /etc/backend/.ssl/key.pem \
+	-out /etc/backend/.ssl/cert.pem \
+	-subj "/CN=localhost" \
+	-addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
 WORKDIR /app
 
 COPY package*.json ./
diff --git a/Transcendence/srcs/backend/index.js b/Transcendence/srcs/backend/index.js
index f098e36..1a80d5a 100644
--- a/Transcendence/srcs/backend/index.js
+++ b/Transcendence/srcs/backend/index.js
@@ -1,5 +1,6 @@
 import express from 'express';
-import http from 'http';
+import https from 'https';
+import fs from 'fs';
 import cors from 'cors';
 import {Server} from 'socket.io';
 import authRouter from './routes/auth.js';
@@ -13,7 +14,11 @@ import setupSocketIO from './services/socket.js';
 import avatarService from './services/avatar.js';
 
 const app = express();
-const server = http.createServer(app);
+const httpsOptions = {
+	key: fs.readFileSync('/etc/backend/.ssl/key.pem'),
+	cert: fs.readFileSync('/etc/backend/.ssl/cert.pem')
+};
+const server = https.createServer(httpsOptions, app);
 const io = new Server(server,
 {
 	cors:
diff --git a/Transcendence/srcs/frontend/dockerfile b/Transcendence/srcs/frontend/dockerfile
index 2b0c466..8688288 100644
--- a/Transcendence/srcs/frontend/dockerfile
+++ b/Transcendence/srcs/frontend/dockerfile
@@ -8,5 +8,5 @@ RUN apk add --no-cache openssl && \
     -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
 COPY src /usr/share/nginx/html
 COPY nginx.conf /etc/nginx/conf.d/default.conf
-EXPOSE 8080 8443
+EXPOSE 443
 CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/Transcendence/srcs/frontend/nginx.conf b/Transcendence/srcs/frontend/nginx.conf
index 3a8c0c1..4f315b0 100644
--- a/Transcendence/srcs/frontend/nginx.conf
+++ b/Transcendence/srcs/frontend/nginx.conf
@@ -1,13 +1,9 @@
 server {
-    listen 8080;
-    return 301 https://$host:8443$request_uri;
-}
-
-server {
-    listen 8443 ssl;
+    listen 443 ssl;
 
     ssl_certificate /etc/nginx/ssl/cert.pem;
     ssl_certificate_key /etc/nginx/ssl/key.pem;
+    error_page 497 =301 https://$host:8443$request_uri;
 
     root /usr/share/nginx/html;
     index index.html;
@@ -19,7 +15,8 @@ server {
 
     # Backend API
     location /api/ {
-        proxy_pass http://backend:3001;
+        proxy_pass https://backend:3001;
+		proxy_ssl_verify off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-Proto https;
@@ -27,7 +24,8 @@ server {
 
     # Socket.IO WebSocket proxying
     location /socket.io/ {
-        proxy_pass http://backend:3001;
+        proxy_pass https://backend:3001;
+		proxy_ssl_verify off;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -40,9 +38,10 @@ server {
     }
 
     location /avatar/ {
-        proxy_pass http://backend:3001/avatar/;
+        proxy_pass https://backend:3001/avatar/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
+        proxy_ssl_verify off;
         proxy_hide_header Content-Type;
         add_header Cache-Control "public, max-age=3600";
     }