From 4bf61e0ef0bb730a61323c696debbff663eb6c7e Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Fri, 12 Mar 2021 14:15:53 -0800 Subject: [PATCH 1/2] Updates production install instructions --- README.md | 3 ++- nginx/default.conf | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 98ce9c76..8d8f1917 100644 --- a/README.md +++ b/README.md @@ -169,10 +169,11 @@ Instructions for running BookWyrm in production: - Set a secure database password for postgres - Update your nginx configuration in `nginx/default.conf` - Replace `your-domain.com` with your domain name + - If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`. - Run the application (this should also set up a Certbot ssl cert for your domain) with `docker-compose up --build`, and make sure all the images build successfully - When docker has built successfully, stop the process with `CTRL-C` - - Comment out the `command: certonly...` line in `docker-compose.yml` + - Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed. - Run docker-compose in the background with: `docker-compose up -d` - Initialize the database with: `./bw-dev initdb` diff --git a/nginx/default.conf b/nginx/default.conf index 8ba8ec55..d32d606f 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -13,8 +13,8 @@ server { root /var/www/certbot; } - # redirect http to https www - return 301 https://www.your-domain.com$request_uri; + # redirect http to https + return 301 https://your-domain.com$request_uri; } server { From 28160137d0adb444fd989cd6c830764bd487b57e Mon Sep 17 00:00:00 2001 
From: Mouse Reeve Date: Fri, 12 Mar 2021 14:34:00 -0800 Subject: [PATCH 2/2] Comments out https part of nginx config to certbot can run --- README.md | 1 + nginx/default.conf | 64 +++++++++++++++++++++++----------------------- 2 files changed, 33 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 8d8f1917..cfe67250 100644 --- a/README.md +++ b/README.md @@ -174,6 +174,7 @@ Instructions for running BookWyrm in production: `docker-compose up --build`, and make sure all the images build successfully - When docker has built successfully, stop the process with `CTRL-C` - Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed. + - Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48). - Run docker-compose in the background with: `docker-compose up -d` - Initialize the database with: `./bw-dev initdb` diff --git a/nginx/default.conf b/nginx/default.conf index d32d606f..38dcc5ff 100644 --- a/nginx/default.conf +++ b/nginx/default.conf 
@@ -14,36 +14,36 @@ server {
 }
 # redirect http to https
- return 301 https://your-domain.com$request_uri;
-}
-
-server {
- listen [::]:443 ssl http2;
- listen 443 ssl http2;
-
- server_name your-domain.com;
-
- # SSL code
- ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
- ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
-
- location ~ /.well-known/acme-challenge {
- allow all;
- root /var/www/certbot;
- }
-
- location / {
- proxy_pass http://web;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_redirect off;
- }
-
- location /images/ {
- alias /app/images/;
- }
-
- location /static/ {
- alias /app/static/;
- }
+# return 301 https://your-domain.com$request_uri;
+# }
+#
+# server {
+# listen [::]:443 ssl http2;
+# listen 443 ssl http2;
+#
+# server_name your-domain.com;
+#
+# # SSL code
+# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
+# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
+#
+# location ~ /.well-known/acme-challenge {
+# allow all;
+# root /var/www/certbot;
+# }
+#
+# location / {
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+#
+# location /images/ {
+# alias /app/images/;
+# }
+#
+# location /static/ {
+# alias /app/static/;
+# }
 }
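Review bot: With the `return 301` line and the whole 443 `server` block commented out, the shipped `nginx/default.conf` has no TLS listener and no HTTP-to-HTTPS redirect until the operator uncomments them by hand, and nothing in the file itself says so. The README step added in this patch identifies the block only as "lines 17-48", which goes stale on the next edit to this file; a marker comment directly above the block, e.g. `# Uncomment from here through the last "# }" once certbot has issued the certificate`, would keep the instruction attached to the code. It would also be worth having the README tell operators to confirm that a plain `http://` request returns the 301 before any accounts are created, since a missed step otherwise leaves the instance answering only on cleartext port 80. The first `server` block starts above this hunk, so what it serves without the redirect is not visible here.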