From 1bb055ae0ec7e444ae0e22ffacfcf45a121fa5d6 Mon Sep 17 00:00:00 2001
From: thomasabishop <thomasabishop@tuta.com>
Date: Sun, 10 Aug 2025 16:43:39 +0100
Subject: [PATCH] feat: add proxy routing for garage (S3)

---
 proxy/nginx/conf.d/s3.conf         | 42 ++++++++++++++++++++++++++++++
 scripts/regenerate_certificates.sh |  4 ++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 proxy/nginx/conf.d/s3.conf

diff --git a/proxy/nginx/conf.d/s3.conf b/proxy/nginx/conf.d/s3.conf
new file mode 100644
index 0000000..7ad2d3d
--- /dev/null
+++ b/proxy/nginx/conf.d/s3.conf
@@ -0,0 +1,42 @@
+# HTTP configuration
+# -- Redirect all HTTP requests to HTTPS port
+server {
+	listen 80; # HTTP port
+	server_name s3.systemsobscure.net;
+	location / {
+		return 301 https://$host$request_uri; # Variable is a placeholder for all requests to the server name
+	}
+}
+
+# HTTPS configuration 
+
+server {
+	listen 443 ssl;
+	server_name s3.systemsobscure.net;
+
+	# SSL configuration
+	ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem;
+
+	# Security headers
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    
+	# Proxy Configuration
+  location / {
+		proxy_pass http://127.0.0.1:3900;
+		proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+		# CORS headers for web access
+    add_header Access-Control-Allow-Origin *;
+		add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+    add_header Access-Control-Allow-Headers "Authorization, Content-Type";
+        
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+			return 204;
+    }
+  }
+}
diff --git a/scripts/regenerate_certificates.sh b/scripts/regenerate_certificates.sh
index d6c65ad..78cf1af 100755
--- a/scripts/regenerate_certificates.sh
+++ b/scripts/regenerate_certificates.sh
@@ -21,7 +21,9 @@ sudo certbot certonly --standalone \
 	-d linkding.systemsobscure.net \
 	-d miniflux.systemsobscure.net \
 	-d systemsobscure.blog \
-	-d www.systemsobscure.blog
+	-d www.systemsobscure.blog \
+	-d s3.systemsobscure.net
+
 echo "INFO Confirming certificate creation..."
 
 sudo certbot certificates