From 27d3d1a7e79882444006e52282892f355c7b67af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB=20=D0=9A=D0=B0=D0=BF?= =?UTF-8?q?=D0=B5=D0=BB=D1=8C=D0=BA=D0=BE?=
Date: Thu, 9 Oct 2025 22:19:16 +0200
Subject: [PATCH] Configure TLS with Lets Encrypt (#4)

---
 cert.renew | 3 +++
 cert.setup | 3 +++
 nginx/cfg | 18 ++++++++++++------
 squid/cfg | 2 +-
 4 files changed, 19 insertions(+), 7 deletions(-)
 create mode 100755 cert.renew
 create mode 100755 cert.setup

diff --git a/cert.renew b/cert.renew
new file mode 100755
index 0000000..e5907d4
--- /dev/null
+++ b/cert.renew
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/cert.setup b/cert.setup
new file mode 100755
index 0000000..a2323f6
--- /dev/null
+++ b/cert.setup
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+brew install certbot
diff --git a/nginx/cfg b/nginx/cfg
index 079181e..834b7c1 100644
--- a/nginx/cfg
+++ b/nginx/cfg
@@ -1,11 +1,17 @@
+# Redirect HTTP to HTTPS
 server {
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 80;
+ server_name kornerr.ru;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name kornerr.ru;
+
+ ssl_certificate /etc/encrypt/fullchain.pem;
+ ssl_certificate_key /etc/encrypt/privkey.pem;

- # SSL configuration
- #
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
 #
 # Note: You should disable gzip for SSL traffic.
 # See: https://bugs.debian.org/773332
diff --git a/squid/cfg b/squid/cfg
index e2203c2..9f3c130 100644
--- a/squid/cfg
+++ b/squid/cfg
@@ -1,4 +1,4 @@
-acl tul src 83.221.16.86
+acl tul src 83.221.16.80
 http_access allow tul
 http_access deny all
 http_port 3128
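Review bot: In cert.renew, `certbot certonly --manual` cannot run unattended, so every renewal depends on someone remembering to run this script and complete the HTTP challenge by hand before the certificate expires. The script also leaves the issued files wherever certbot writes them, while nginx/cfg in this commit reads `/etc/encrypt/fullchain.pem` and `/etc/encrypt/privkey.pem`; how the private key reaches that path, and with what ownership and mode, is not shown. I would add a header comment recording that step, e.g. `# After issuance: copy fullchain.pem and privkey.pem to /etc/encrypt/ (key root-owned, mode 600), then reload nginx`. An automatable authenticator such as `--webroot` together with a `--deploy-hook` would let the renewal be scheduled instead of remembered.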
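Review bot: The new `listen 443 ssl;` server in nginx/cfg sets only the certificate and key, so the accepted protocol versions are whatever the installed nginx defaults to, and older builds still accept TLS 1.0/1.1 by default. I would pin it with `ssl_protocols TLSv1.2 TLSv1.3;` and, since port 80 now redirects unconditionally, add `add_header Strict-Transport-Security "max-age=31536000" always;` so returning browsers skip the initial plaintext request. The hunk also drops `listen [::]:80` without adding `listen [::]:443 ssl;`, so IPv6 clients are no longer served by these blocks if the host has an AAAA record. The second server block continues past the end of the hunk.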
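Review bot: The `acl tul src` address in squid/cfg is the only thing gating `http_access allow tul`, and this hunk changes it from .86 to .80 inside a commit whose subject mentions only TLS. A one-digit slip here would hand the proxy on port 3128 to a different host, so the change deserves its own mention in the commit message and a comment on the line, e.g. `# tul: <who/what owns this address>`. If the client address is not static, source-IP allowlisting alone is fragile, and proxy authentication would be a sturdier control.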