From 392a41ba48eeb0286ccdf27ed9ef1c465ff6603c Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Mon, 22 Jan 2024 07:53:27 +0100
Subject: [PATCH 1/5] Implement nginx with ssl
---
 Dockerfile | 6 +--
 docker_entrypoint.sh | 72 +++++++++++++++++++++++++++++-
 manifest.yaml | 7 ++-
 scripts/procedures/healthChecks.ts | 2 +-
 4 files changed, 81 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5052352..ac1ed2b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,10 +9,10 @@ RUN npm cache clean --force && \
 npm run build && \
 rm -rf /root/.npm
 
-FROM busybox:latest AS final
+FROM nginx:alpine3.18 AS final
 
-COPY --from=build /app/dist /primal
-RUN chown -R nobody:nobody /primal
+WORKDIR /usr/share/nginx/html
+COPY --from=build /app/dist ./
 
 ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
 RUN chmod a+x /usr/local/bin/docker_entrypoint.sh
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index 90dddc9..db67bb8 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
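Review bot: In the Dockerfile hunk, `FROM nginx:alpine3.18 AS final` selects the runtime image by a mutable tag, so a later rebuild can silently pull different nginx and Alpine contents than the ones that were tested. Pin it by digest, `FROM nginx:alpine3.18@sha256:<digest-of-the-image-you-verified> AS final` (the digest is a placeholder to fill in), and update it deliberately. The same hunk removes `RUN chown -R nobody:nobody /primal` and adds no `USER` line, so as far as the visible lines show the entrypoint runs as the image's default user; if that is intended because the entrypoint writes `/etc/nginx/conf.d/default.conf` at start, a one-line comment above `FROM` saying so would help the next reviewer. The stage continues beyond the hunk.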
@@ -2,4 +2,74 @@
 
 printf "\n\n [i] Starting Primal ...\n\n"
 
-busybox httpd -f -v -p 3000 -h /primal
+#
+CONF_FILE="/etc/nginx/conf.d/default.conf"
+NGINX_CONF='server {
+ listen 80;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 8080;
+ listen 3443 ssl http2;
+ ssl_certificate /mnt/cert/main.cert.pem;
+ ssl_certificate_key /mnt/cert/main.key.pem;
+
+ server_name localhost;
+
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ # Gzip settings
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_min_length 256;
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/svg+xml
+ text/css
+ text/javascript
+ text/plain
+ text/xml;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
+'
+echo "$NGINX_CONF" > $CONF_FILE
+
+_term() {
+ echo "Caught SIGTERM signal!"
+ kill -SIGTERM "$primal_process" 2>/dev/null
+}
+
+nginx -g 'daemon off;' &
+primal_process=$!
+
+trap _term SIGTERM
+
+wait $primal_process
diff --git a/manifest.yaml b/manifest.yaml
index 72306ef..90e63be 100644
--- a/manifest.yaml
+++ b/manifest.yaml
@@ -24,6 +24,7 @@ main:
 args: []
 mounts:
 main: /root
+ cert: /mnt/cert
 health-checks:
 web-ui:
 name: Web UI
@@ -34,6 +35,9 @@ properties: ~
 volumes:
 main:
 type: data
+ cert:
+ type: certificate
+ interface-id: main
 interfaces:
 main:
 name: User Interface
@@ -41,10 +45,11 @@ interfaces:
 tor-config:
 port-mapping:
 80: "3000"
+ 443: "3443"
 lan-config:
 443:
 ssl: true
- internal: 3000
+ internal: 8080
 ui: true
 protocols:
 - tcp
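Review bot: The port-80 server block in `NGINX_CONF` has no `server_name` and redirects with `return 301 https://$host$request_uri;`, so it accepts any Host header and copies it into the `Location` response. If the names this service is reached under are known when the script runs, list them in `server_name` and add a catch-all such as `server { listen 80 default_server; return 444; }` so unexpected hosts are dropped instead of redirected; if they are not known, a comment above the block stating that the reflection is accepted would do. Lower in the same hunk, `trap _term SIGTERM` is installed only after `nginx -g 'daemon off;' &` has started, so a SIGTERM arriving in between is not forwarded. Replacing the background/trap/wait sequence with `exec nginx -g 'daemon off;'` lets nginx receive the signal directly.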
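Review bot: The Tor mapping `80: "3000"` in the last manifest.yaml hunk is left as it was, but this same patch removes `busybox httpd ... -p 3000` and the nginx configuration it adds listens only on 80, 8080 and 3443, so nothing in the container appears to accept connections on 3000 any more. Point the mapping at a port nginx serves, for example `80: "8080"` to match the new `internal: 8080`, or `80: "80"` if the redirect to HTTPS is wanted over Tor. Because the health check in this patch probes 8080, it would likely stay green while the plain-HTTP onion port fails, so the breakage would not be flagged. The `interfaces` section continues beyond the hunk.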
diff --git a/scripts/procedures/healthChecks.ts b/scripts/procedures/healthChecks.ts
index 6cdbb22..5d517ea 100644
--- a/scripts/procedures/healthChecks.ts
+++ b/scripts/procedures/healthChecks.ts
@@ -1,5 +1,5 @@
 import { types as T, healthUtil } from "../deps.ts";
 
 export const health: T.ExpectedExports.health = {
- "web-ui": healthUtil.checkWebUrl("http://primal.embassy:3000")
+ "web-ui": healthUtil.checkWebUrl("http://primal.embassy:8080")
 }
\ No newline at end of file
From 4c2a0e8c4f2b01f12631b2ca7c4a72ab51307fa0 Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Mon, 22 Jan 2024 08:06:19 +0100
Subject: [PATCH 2/5] Update use of http2 listen directive to align with deprecation
---
 docker_entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index db67bb8..ab0079e 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
@@ -11,7 +11,8 @@ NGINX_CONF='server {
 
 server {
 listen 8080;
- listen 3443 ssl http2;
+ listen 3443 ssl;
+ http2 on;
 ssl_certificate /mnt/cert/main.cert.pem;
 ssl_certificate_key /mnt/cert/main.key.pem;
 
From 6b938b7d1d2b96ba000885ea0e70a3f770c75022 Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Mon, 22 Jan 2024 08:08:38 +0100
Subject: [PATCH 3/5] WTH is k0gen? ;)
---
 manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.yaml b/manifest.yaml
index 90e63be..a89eec6 100644
--- a/manifest.yaml
+++ b/manifest.yaml
@@ -4,7 +4,7 @@ title: "Primal"
 version: 0.93.14
 release-notes: "Initial release of Primal for StartOS"
 license: MIT
-wrapper-repo: "https://github.com/k0gen/primal-startos"
+wrapper-repo: "https://github.com/PrimalHQ/primal-startos"
 upstream-repo: "https://github.com/PrimalHQ/primal-web-app"
 support-site: "https://github.com/PrimalHQ/primal-web-app/issues"
 marketing-site: "https://primal.net/"
From 1e1ee39eee6353517618150c629caab8cb75b089 Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Mon, 22 Jan 2024 08:11:30 +0100
Subject: [PATCH 4/5] Fix interfaces description
---
 manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.yaml b/manifest.yaml
index a89eec6..c0d64cc 100644
--- a/manifest.yaml
+++ b/manifest.yaml
@@ -41,7 +41,7 @@ volumes:
 interfaces:
 main:
 name: User Interface
- description: A simple user interface that is expected to display the text "Hello Word"
+ description: Main user interface for interacting with Primal in a web browser.
 tor-config:
 port-mapping:
 80: "3000"
From 8f63770dae6f7e0dfa28975441537f24227dcdd3 Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Wed, 24 Jan 2024 05:52:29 +0100
Subject: [PATCH 5/5] Add simple WPA + instructions update
---
 docker_entrypoint.sh | 95 ++++++++++++++++++++++++++++++++++++++++++++
 instructions.md | 5 ++-
 2 files changed, 98 insertions(+), 2 deletions(-)
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index ab0079e..7845dff 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
@@ -63,6 +63,101 @@ server { ' echo "$NGINX_CONF" > $CONF_FILE +cd /usr/share/nginx/html +cat <service-worker.js +// Define the cache name for versioning +const CACHE_NAME = 'primal-pwa-cache-v1'; + +// Specify the assets to cache +const ASSETS_TO_CACHE = [ + '/', + '/index.html', + '/$(ls assets/index-*.js)', + '/$(ls assets/index-*.css)', + '/$(ls assets/favicon-*.ico)', + '/public/fonts.css', + // Add all other assets like images, fonts from the public directory + '/public/Nacelle/Nacelle-Regular.otf', + '/public/RobotoCondensed/RobotoCondensed-Regular.ttf', + // ... other font files and assets +]; + +self.addEventListener('install', event => { + event.waitUntil( + caches.open(CACHE_NAME) + .then(cache => cache.addAll(ASSETS_TO_CACHE)) + ); +}); + +self.addEventListener('activate', event => { + event.waitUntil( + caches.keys().then(cacheNames => { + return Promise.all( + cacheNames.map(cache => { + if (cache !== CACHE_NAME) { + return caches.delete(cache); + } + }) + ); + }) + ); +}); + +self.addEventListener('fetch', event => { + event.respondWith( + caches.match(event.request) + .then(response => { + // Serve from cache if available, otherwise fetch from network + return response || fetch(event.request); + }) + ); +}); +EOF + +cat << EOF >manifest.json +{ + "name": "Primal", + "short_name": "Primal", + "icons": [ + { + "src": "public/primal-logo-large.png", + "sizes": "512x512", + "type": "image/png" + } + ], + "start_url": ".", + "display": "fullscreen", + "orientation": "portrait" +} +EOF + +HTML_FILE="/usr/share/nginx/html/index.html" + +# Define the line to insert after +INSERT_AFTER='<\/title>' + +# Define the manifest code to insert +INSERT_CODE=' ' + +# Use sed to insert the code +sed -i "s|$INSERT_AFTER|$INSERT_AFTER\n$INSERT_CODE|" $HTML_FILE + +# Define the worker code to be injected +CODE=' ' + +# Use awk to inject the worker code after the specified line +awk -v code="$CODE" '/lottie-player.js"><\/script>/ { print; print code; next }1' $HTML_FILE > 
temp.html && mv temp.html $HTML_FILE + _term() { echo "Caught SIGTERM signal!" kill -SIGTERM "$primal_process" 2>/dev/null diff --git a/instructions.md b/instructions.md index 4fc164f..8b636fe 100644 --- a/instructions.md +++ b/instructions.md @@ -6,5 +6,6 @@ 4. Choose to **Create Account** or if you already have a Nostr account, click **Login**. 5. Follow the onscreen instructions. -Now, you're all set to explore the Nostr world in a sovereign fashion. -Enjoy! 😊 +**Note:** While it's possible to use the Primal web app on your mobile device, we currently recommend using the dedicated mobile app for Android and iOS for a better user experience. + +Enjoy exploring the Nostr world in a sovereign fashion! 😊
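Review bot: The `sed -i` and `awk` steps added to docker_entrypoint.sh edit `/usr/share/nginx/html/index.html` on every start without checking whether the markup is already present, so if the container filesystem survives a restart each start would insert another copy. Generating `service-worker.js`, `manifest.json` and the patched `index.html` once at image build time (a `RUN` step in the final Dockerfile stage) avoids this and allows the web root to be read-only at runtime; if it has to stay in the entrypoint, guard the edits with a marker file, e.g. `[ -f "$MARKER" ] || { ...; touch "$MARKER"; }` (`MARKER` is an illustrative name). Assuming the first heredoc is unquoted so that `$(ls assets/index-*.js)` expands, each substitution relies on exactly one match: several matches put a newline inside a quoted JS string, and none leaves a bare `/` entry, so the list handed to `cache.addAll` should be checked before it is written. The script continues past the end of this hunk.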