From 0cbff0440d85699ad130b1d3ea487f52f5f96914 Mon Sep 17 00:00:00 2001
From: Ruben Fischer <ruben.fischer@onyva.de>
Date: Wed, 11 Feb 2026 11:46:23 +0100
Subject: [PATCH] Simple start

---
 docker-compose.simple.yml | 22 ++++++++++++++
 nginx-site.conf           | 60 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 docker-compose.simple.yml
 create mode 100644 nginx-site.conf

diff --git a/docker-compose.simple.yml b/docker-compose.simple.yml
new file mode 100644
index 0000000..f654986
--- /dev/null
+++ b/docker-compose.simple.yml
@@ -0,0 +1,22 @@
+version: '3.8'
+
+services:
+  linkedin-posts:
+    build: .
+    container_name: linkedin-posts
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:8001:8001"  # Nur lokal erreichbar
+    env_file:
+      - .env
+    environment:
+      - PYTHONPATH=/app
+      - PORT=8001
+    volumes:
+      - ./logs:/app/logs
+    healthcheck:
+      test: ["CMD", "python", "-c", "import httpx; httpx.get('http://localhost:8001/login', timeout=5)"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
diff --git a/nginx-site.conf b/nginx-site.conf
new file mode 100644
index 0000000..a3aa783
--- /dev/null
+++ b/nginx-site.conf
@@ -0,0 +1,60 @@
+# Nginx Config für linkedin.onyva.dev
+# Füge das zur bestehenden Nginx-Config hinzu (z.B. in Coolify oder /etc/nginx/sites-available/)
+
+server {
+    listen 80;
+    server_name linkedin.onyva.dev;
+
+    # Let's Encrypt ACME Challenge (für SSL)
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # Redirect zu HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name linkedin.onyva.dev;
+
+    # SSL Zertifikate (passe den Pfad an)
+    ssl_certificate /etc/letsencrypt/live/linkedin.onyva.dev/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/linkedin.onyva.dev/privkey.pem;
+
+    # SSL Settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+
+    # Security Headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+
+    # Logs
+    access_log /var/log/nginx/linkedin-access.log;
+    error_log /var/log/nginx/linkedin-error.log;
+
+    # Client Max Body Size (für Bild-Uploads)
+    client_max_body_size 10M;
+
+    # Proxy zu Docker Container
+    location / {
+        proxy_pass http://127.0.0.1:8001;
+        proxy_http_version 1.1;
+
+        # Proxy Headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}