From 0627d297b07e49f8d75d8ba202d09b2a0950fcf9 Mon Sep 17 00:00:00 2001
From: "Derek Palmer (Creative)"
Date: Fri, 24 May 2024 11:36:11 -0400
Subject: [PATCH 1/5] Updated nginx.conf to leverage AWS ALB vs managing the certs inside the app
---
 client/nginx.conf | 71 +++++++----------------------------------------
 1 file changed, 10 insertions(+), 61 deletions(-)
diff --git a/client/nginx.conf b/client/nginx.conf
index 49a2dd16fbe9..110e3606740d 100644
--- a/client/nginx.conf
+++ b/client/nginx.conf
@@ -1,76 +1,25 @@ -# Secure default configuration generated by Mozilla SSL Configuration Generator -# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7 - server { listen 80 default_server; listen [::]:80 default_server; - # To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section. - ######################################## Non-SSL ######################################## - server_name localhost; - + server_name chat.research.cornell.edu; # Change this to your actual domain name + # Increase the client_max_body_size to allow larger file uploads - # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request client_max_body_size 25M; location /api/ { proxy_pass http://api:3080$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location / { proxy_pass http://api:3080/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } - - ######################################## SSL ######################################## -# # Redirect all http traffic to https -# location / { -# return 301 https://$host$request_uri; -# } } - -#server { -# listen 443 ssl http2; -# listen [::]:443 ssl http2; - -# ssl_certificate /etc/nginx/ssl/nginx.crt; -# ssl_certificate_key /etc/nginx/ssl/nginx.key; -# ssl_session_timeout 1d; -# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions -# ssl_session_tickets off; - -# # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam -# ssl_dhparam /etc/nginx/ssl/dhparam; - -# # intermediate configuration -# ssl_protocols 
TLSv1.2 TLSv1.3; -# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; -# ssl_prefer_server_ciphers off; - -# # HSTS (ngx_http_headers_module is required) (63072000 seconds) -# add_header Strict-Transport-Security "max-age=63072000" always; - -# # OCSP stapling -# ssl_stapling on; -# ssl_stapling_verify on; - -# # verify chain of trust of OCSP response using Root CA and Intermediate certs -# ssl_trusted_certificate /etc/nginx/ssl/ca.crt; - -# # replace with the IP address of your resolver -# resolver 127.0.0.1; - -# server_name localhost; - -# # Increase the client_max_body_size to allow larger file uploads -# # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request -# client_max_body_size 25M; - -# location /api { -# proxy_pass http://api:3080/api; -# } - -# location / { -# proxy_pass http://api:3080; -# } -#} From 9981343165b928a05dcaf4bf3b498a2719358b58 Mon Sep 17 00:00:00 2001 From: "Derek Palmer (Creative)" Date: Fri, 24 May 2024 11:42:19 -0400 Subject: [PATCH 2/5] Updated proxy_pass urls --- client/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/nginx.conf b/client/nginx.conf index 110e3606740d..3b0715527e93 100644 --- a/client/nginx.conf +++ b/client/nginx.conf @@ -8,7 +8,7 @@ server { client_max_body_size 25M; location /api/ { - proxy_pass http://api:3080$request_uri; + proxy_pass http://localhost:3080$request_uri; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -16,7 +16,7 @@ server { } location / { - proxy_pass http://api:3080/; + proxy_pass http://localhost:3080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
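Review bot: In both added `location` blocks of patch 1, `proxy_set_header X-Forwarded-Proto $scheme;` will report `http` to the backend once TLS terminates at the ALB, because this server now listens only on port 80 and `$scheme` describes the ALB-to-nginx hop. That overwrites the `X-Forwarded-Proto` value the load balancer sends, which matters if the application relies on it for secure-cookie or redirect decisions (not visible here); passing the incoming value through with `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` preserves it. Likewise `X-Real-IP $remote_addr` will carry the load balancer's address unless `set_real_ip_from` and `real_ip_header X-Forwarded-For` are configured for the ALB's subnets. With the commented-out HTTPS redirect and HSTS templates gone from this file, both have to be enforced at the ALB listener, and port 80 should be reachable only from the ALB's security group.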
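Review bot: `proxy_pass http://localhost:3080...` in both hunks of patch 2 only works if nginx and the API share a network namespace. `deploy-compose.yml` in this series still defines an `api` service, and from a separate nginx container `localhost` is the nginx container itself, so requests would end in 502. If the two really are co-located (for example in one task behind the ALB, which is not visible here), prefer `proxy_pass http://127.0.0.1:3080$request_uri;` and `proxy_pass http://127.0.0.1:3080/;`, because nginx can resolve `localhost` to both `127.0.0.1` and `[::1]` and will then intermittently try an address the backend may not listen on. A comment above the directive naming the deployment this targets would make the assumption explicit.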
From 718f19fc1e4d8ef381de921b074ce30139ccdbd6 Mon Sep 17 00:00:00 2001 From: "Derek Palmer (Creative)" Date: Fri, 24 May 2024 11:45:17 -0400 Subject: [PATCH 3/5] Removed obsolete docker-compose version syntax --- deploy-compose.yml | 1 - docker-compose.yml | 2 -- 2 files changed, 3 deletions(-) diff --git a/deploy-compose.yml b/deploy-compose.yml index 4a9fbf29e115..e7db4a5d4cea 100644 --- a/deploy-compose.yml +++ b/deploy-compose.yml @@ -1,4 +1,3 @@ -version: "3.8" services: api: # build: diff --git a/docker-compose.yml b/docker-compose.yml index 55686abd7479..1e2221dcb72a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.4" - # Do not edit this file directly. Use a ‘docker-compose.override.yaml’ file if you can. # Refer to `docker-compose.override.yaml.example’ for some sample configurations. From 14f15807ba07f1abfd627a232d06bd7a3e307ca3 Mon Sep 17 00:00:00 2001 From: "Derek Palmer (Creative)" Date: Fri, 24 May 2024 12:26:34 -0400 Subject: [PATCH 4/5] bumped body size for larger uploads --- client/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/nginx.conf b/client/nginx.conf index 3b0715527e93..578d7da72f35 100644 --- a/client/nginx.conf +++ b/client/nginx.conf @@ -5,7 +5,7 @@ server { server_name chat.research.cornell.edu; # Change this to your actual domain name # Increase the client_max_body_size to allow larger file uploads - client_max_body_size 25M; + client_max_body_size 100M; location /api/ { proxy_pass http://localhost:3080$request_uri; From 774d60799cae7caa2ff574b05655ce4b0b92b202 Mon Sep 17 00:00:00 2001 From: "Derek Palmer (Creative)" Date: Fri, 24 May 2024 12:27:36 -0400 Subject: [PATCH 5/5] Added RAIS PR template --- PULL_REQUEST_TEMPLATE.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 PULL_REQUEST_TEMPLATE.md diff --git a/PULL_REQUEST_TEMPLATE.md b/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000000000000..6b3fae314c3d --- /dev/null 
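Review bot: `client_max_body_size 100M;` in patch 4 sits at `server` level, so every location, including any unauthenticated endpoint under `/api/`, now accepts 100 MB request bodies, four times the previous cap. The first patch in this series removed the comment recording the application's own limits (20MB/file, 25MB/request), so it is unclear whether the backend limit was raised to match; if it was not, nginx will buffer and forward uploads that the application then rejects. Consider keeping the server-wide value small and setting the larger one only in the location that handles uploads, and restore a comment such as `# must match the backend upload limit (<value>)`. The hunk shows only part of the `server` block.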
+++ b/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,26 @@
+## Description
+
+Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+## Type of Change
+
+Please delete options that are not relevant to your pull request.
+
+- *Bug fix* (non-breaking change which fixes an issue)
+- *New feature* (non-breaking change which adds functionality)
+- *Breaking change* (fix or feature that would cause existing functionality to not work as expected)
+- *Maintenance* (non-breaking change which resolves a CVE, deprecation, or infrastructure issue/change)
+- This change requires a documentation update
+
+## To Test
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce.
+
+- Test A
+- Test B
+
+## Notes
+
+Please add any additional information below (if needed):
+
+## Link to Asana task(s):
\ No newline at end of file