Further bag o' hacks for configurable SSL

Dockerfile

@@ -23,6 +23,7 @@ ADD nginx/snikket-common.template /etc/nginx/templates/snikket-common
 ADD nginx/startup.template /etc/nginx/templates/startup
 ADD nginx/http.template /etc/nginx/templates/http
 ADD supervisord.conf /etc/supervisord/supervisord.conf
+ADD cert-monitor.sh /usr/local/bin/cert-monitor.sh
 ADD static /var/www/html/static
 ADD startup.html /var/www/html/index.html
 ADD error-pages /var/www/html/_errors

cert-monitor.sh

@@ -4,7 +4,8 @@ if test -f /etc/nginx/sites-enabled/startup; then
 	rm /etc/nginx/sites-enabled/startup;
 fi
 /usr/local/bin/render-template.sh "/etc/nginx/templates/snikket-common" "/etc/nginx/snippets/snikket-common.conf"
-for proto in http https; do
-	/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
-done
+proto=http 
+/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
 /usr/sbin/nginx -s reload
+
+sleep inf

nginx/http.template

@@ -4,14 +4,24 @@ server {
 
     server_name ${SNIKKET_DOMAIN};
     server_name groups.${SNIKKET_DOMAIN};
+
+    include "/etc/nginx/snippets/snikket-common.conf";
+}
+
+server {
+    listen ${SNIKKET_TWEAK_HTTP_PORT};
+    listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
+
     server_name share.${SNIKKET_DOMAIN};
 
-    location /.well-known/acme-challenge {
-        alias /var/www/html/.well-known/acme-challenge;
-    }
+    root /var/www/html;
 
-    location / {
-        return 301 https://$host$request_uri;
+    location /upload/ {
+        client_max_body_size 16M;
+        proxy_pass http://${SNIKKET_TWEAK_INTERNAL_HTTP_HOST}:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT};
+        proxy_set_header  Host            $host;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto https;
     }
 }