# Quick Start: Nginx Setup for DigiServer v2

## Pre-requisites
- SSL certificates in `./data/nginx-ssl/cert.pem` and `./data/nginx-ssl/key.pem`
- Docker and Docker Compose installed
- Port 80 and 443 available

## Quick Setup (3 steps)

### 1. Generate Self-Signed Certificates
```bash
./generate_nginx_certs.sh localhost 365
```

### 2. Update Nginx Configuration
- Edit `nginx.conf` to set your domain:
  ```nginx
  server_name localhost;  # Change to your domain
  ```

### 3. Start Docker Compose
```bash
docker-compose up -d
```

## Verification

### Check if Nginx is running
```bash
docker ps | grep nginx
```

### Test HTTP → HTTPS redirect
```bash
curl -L http://localhost
```

### Test HTTPS (with self-signed cert)
```bash
curl -k https://localhost
```

### View logs
```bash
docker logs digiserver-nginx
docker exec digiserver-nginx tail -f /var/log/nginx/access.log
```

## Using Production Certificates

### Option A: Let's Encrypt (Free)
1. Install certbot: `apt-get install certbot`
2. Generate cert: `certbot certonly --standalone -d your-domain.com`
3. Copy cert: `cp /etc/letsencrypt/live/your-domain.com/fullchain.pem ./data/nginx-ssl/cert.pem`
4. Copy key: `cp /etc/letsencrypt/live/your-domain.com/privkey.pem ./data/nginx-ssl/key.pem`
5. Fix permissions: `sudo chown 101:101 ./data/nginx-ssl/*`
6. Reload: `docker exec digiserver-nginx nginx -s reload`

### Option B: Commercial Certificate
1. Place your certificate files in `./data/nginx-ssl/cert.pem` and `./data/nginx-ssl/key.pem`
2. Fix permissions: `sudo chown 101:101 ./data/nginx-ssl/*`
3. Reload: `docker exec digiserver-nginx nginx -s reload`

## Troubleshooting

| Issue | Solution |
|-------|----------|
| Port 80/443 in use | `sudo netstat -tlnp \| grep :80` or `:443` |
| Certificate permission denied | `sudo chown 101:101 ./data/nginx-ssl/*` |
| Nginx won't start | `docker logs digiserver-nginx` |
| Connection refused | Check firewall: `sudo ufw allow 80/tcp && sudo ufw allow 443/tcp` |

## File Locations
- Main config: `./nginx.conf`
- SSL certs: `./data/nginx-ssl/`
- Logs: `./data/nginx-logs/`
- Custom domains: `./nginx-custom-domains.conf` (auto-generated)

## Next: Production Setup
1. Update `.env` with your DOMAIN and EMAIL
2. Configure HTTPS settings in admin panel
3. Run: `python nginx_manager.py generate`
4. Test: `docker exec digiserver-nginx nginx -t`
5. Reload: `docker exec digiserver-nginx nginx -s reload`