ddamme05 · ddamme05 · Oct 11, 2025 · Oct 11, 2025 · Oct 11, 2025 · Oct 11, 2025
diff --git a/client/Dockerfile b/client/Dockerfile
@@ -33,9 +33,6 @@ RUN apk add --no-cache curl
 # Remove default nginx config
 RUN rm /etc/nginx/conf.d/default.conf
 
-# Copy custom nginx config
-COPY nginx.conf /etc/nginx/conf.d/
-
 # Copy built files from builder stage with correct ownership
 COPY --from=builder --chown=nginx:nginx /app/dist /usr/share/nginx/html
 

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -20,6 +20,9 @@ services:
   frontend:
     ports:
       - "80:80"
+    volumes:
+      - /etc/letsencrypt:/etc/letsencrypt:ro
+      - ./deployment/nginx/file-storage.conf:/etc/nginx/conf.d/default.conf:ro
 
   datadog:
     environment:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -110,9 +110,11 @@ services:
       app:
         condition: service_healthy
     ports:
-      - "3000:80"  # Dev: host:3000, Prod: change to "80:80" for direct HTTP access
+      - "3000:80"
     # Note: Not using user: "101:101" because tmpfs mounts need root to set permissions
     # Nginx drops privileges internally to nginx user for worker processes
+    volumes:
+      - ./client/nginx.conf:/etc/nginx/conf.d/default.conf:ro
     cap_drop: [ ALL ]
     cap_add: [ NET_BIND_SERVICE, CHOWN, SETUID, SETGID ]  # Needed for nginx to drop privileges
     security_opt: [ "no-new-privileges:true" ]

diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
@@ -25,8 +25,7 @@ security:
       login: 5
   cors:
     allowed-origins:
-      - https://app.example.com    # put your real frontend(s) here
-      # - https://admin.example.com
+      - https://managefiles.duckdns.org
     allowed-headers:
       - Authorization
       - Content-Type