From 681888b47615e62c2f219a8538a0252feb89f400 Mon Sep 17 00:00:00 2001
From: alec_dev <acwhite211@gmail.com>
Date: Mon, 8 Sep 2025 22:38:10 -0500
Subject: [PATCH 1/5] Update nginx service volumes in docker-compose

Comment out specific volume mounts for SSL certificates and add new volume mounts for Let's Encrypt and access logs.
---
 docker-compose.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3f456de..33a5a46 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,6 +3,8 @@ version: '3.9'
 services:
   nginx:
     build: https://github.com/specify/nginx-with-github-auth.git#main
+    # build:
+      # context: ~/nginx-with-github-auth
     ports:
       - '80:80'
       - '443:443'
@@ -10,8 +12,10 @@ services:
       - './sp7-stats/config/auth.conf:/etc/nginx/auth.conf:ro'
       - './sp7-stats/config/nginx.conf:/etc/nginx/conf.d/default.conf:ro'
       - './sp7-stats/:/var/www/:ro'
-      - './sp7-stats/config/fullchain.pem:/etc/letsencrypt/live/sp7-stats/fullchain.pem:ro'
-      - './sp7-stats/config/privkey.pem:/etc/letsencrypt/live/sp7-stats/privkey.pem:ro'
+      # - './sp7-stats/config/fullchain.pem:/etc/letsencrypt/live/sp7-stats/fullchain.pem:ro'
+      # - './sp7-stats/config/privkey.pem:/etc/letsencrypt/live/sp7-stats/privkey.pem:ro'
+      - '/etc/letsencrypt:/etc/letsencrypt:ro'
+      - './access-logs/:/var/log/nginx/external/:rw'
     networks:
       - nginx
     depends_on:

From ebffd4e8528e82b2a7e777825cd1c17c35cea689 Mon Sep 17 00:00:00 2001
From: alec_dev <acwhite211@gmail.com>
Date: Mon, 8 Sep 2025 22:39:54 -0500
Subject: [PATCH 2/5] Refactor isa_number assignment with null coalescing

---
 sp7-stats/components/institutions.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sp7-stats/components/institutions.php b/sp7-stats/components/institutions.php
index c7ca017..6246eda 100644
--- a/sp7-stats/components/institutions.php
+++ b/sp7-stats/components/institutions.php
@@ -74,7 +74,8 @@ function compile_institutions($lines_data, $file_name){
 		$institution = $line_data['institution'];
 		$discipline = $line_data['discipline'];
 		$collection = $line_data['collection'];
-		$isa_number = $line_data['isaNumber'];
+		// $isa_number = $line_data['isaNumber'];
+		$isa_number = $line_data['isaNumber'] ?? '';
 		$browser = $line_data['browser'];
 		$domain = $line_data['domain'];
 		$os = $line_data['os'];
@@ -293,4 +294,4 @@ function sort_months($x,$y){
 	file_put_contents(WORKING_LOCATION.'institutions_id.json',json_encode($institutions4));
 	file_put_contents(WORKING_LOCATION.'institutions.json',json_encode($institutions3));
 
-}
\ No newline at end of file
+}

From 132c89c159aefe76831a82c21c9d9f4710035b5a Mon Sep 17 00:00:00 2001
From: alec_dev <acwhite211@gmail.com>
Date: Mon, 8 Sep 2025 22:41:36 -0500
Subject: [PATCH 3/5] Modify Nginx config for HTTPS and access logging

---
 sp7-stats/config/nginx.conf | 48 ++++++++++++++++++++++++++++++-------
 1 file changed, 40 insertions(+), 8 deletions(-)

diff --git a/sp7-stats/config/nginx.conf b/sp7-stats/config/nginx.conf
index 6ac09fa..1f3ce39 100644
--- a/sp7-stats/config/nginx.conf
+++ b/sp7-stats/config/nginx.conf
@@ -1,18 +1,44 @@
+# Outbound DNS for Lua http requests
+# resolver 1.1.1.1 8.8.8.8 valid=300s;
+# resolver_timeout 5s;
+
+# Trust store path on Alpine (nginx:alpine puts the bundle here)
+# lua_ssl_trusted_certificate /etc/ssl/cert.pem;
+# lua_ssl_verify_depth 5;
+
 # See https://github.com/specify/nginx-with-github-auth
 include nginx-with-github-auth/http.conf;
 
-# Redirect HTTP to HTTPs
+# --- HTTP (port 80) ---
 server {
   listen 80 default_server;
-  server_name _;
-  return 301 https://$host$request_uri;
+  listen [::]:80 default_server;
+
+  server_name stats.specifycloud.org;
+
+  # Serve ACME challenge over HTTP without redirect
+  location ^~ /.well-known/acme-challenge/ {
+    root /var/www/stats;
+    try_files $uri =404;
+  }
+
+  # Everything else: redirect to HTTPS
+  location / {
+    return 301 https://$host$request_uri;
+  }
 }
 
+# --- HTTPS (port 443) ---
 server {
   listen 443 ssl default_server;
+  listen [::]:443 ssl default_server;
+
+  server_name stats.specifycloud.org;
+
+  # Use the certbot-standard live path for THIS domain name
+  ssl_certificate     /etc/letsencrypt/live/stats.specifycloud.org-0001/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/stats.specifycloud.org-0001/privkey.pem;
 
-  ssl_certificate /etc/letsencrypt/live/sp7-stats/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/sp7-stats/privkey.pem;
   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 5m;
   ssl_prefer_server_ciphers on;
@@ -21,19 +47,25 @@ server {
   include nginx-with-github-auth/server.conf;
 
   index index.php index.html;
-  server_name sp7-stats;
   keepalive_timeout 70;
   error_log  /var/log/nginx/error.log;
   access_log /var/log/nginx/access.log;
   root /var/www/;
 
+  # -- added
+  access_log  /var/log/nginx/external/access.log  combined;
+  location = /capture {
+    # access_log /var/log/nginx/capture.log;   # optional separate log
+    access_log  /var/log/nginx/external/access.log  combined;
+    add_header Content-Type text/plain;
+    return 204;
+  }
+
   location ~ ^/.+\.php$ {
     include nginx-with-github-auth/location.conf;
-
     include fastcgi_params;
     fastcgi_pass php:9000;
     fastcgi_index index.php;
     fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
   }
-
 }

From e0dfda1fe32932312b30141c2685dd8c20d32cf3 Mon Sep 17 00:00:00 2001
From: alec_dev <acwhite211@gmail.com>
Date: Mon, 8 Sep 2025 22:42:52 -0500
Subject: [PATCH 4/5] Update require_once path in refresh_data.php

---
 sp7-stats/cron/refresh_data.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sp7-stats/cron/refresh_data.php b/sp7-stats/cron/refresh_data.php
index 6dca7c8..732374e 100644
--- a/sp7-stats/cron/refresh_data.php
+++ b/sp7-stats/cron/refresh_data.php
@@ -5,4 +5,5 @@
 global $no_gui;
 $no_gui = TRUE;
 
-require_once('../refresh_data/index.php');
\ No newline at end of file
+//require_once('../refresh_data/index.php');
+require_once __DIR__ . '/../refresh_data/index.php';

From 5f640b7b9e444462f55b9d130e797bfc15352108 Mon Sep 17 00:00:00 2001
From: alec_dev <acwhite211@gmail.com>
Date: Mon, 8 Sep 2025 22:44:25 -0500
Subject: [PATCH 5/5] Update require_once paths to use dirname function

---
 sp7-stats/refresh_data/index.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sp7-stats/refresh_data/index.php b/sp7-stats/refresh_data/index.php
index 6f58cc8..bdb6710 100644
--- a/sp7-stats/refresh_data/index.php
+++ b/sp7-stats/refresh_data/index.php
@@ -1,6 +1,7 @@
 <?php
 
-require_once('../components/header.php');
+//require_once('../components/header.php');
+require_once dirname(__DIR__) . '/components/header.php';
 
 date_default_timezone_set('UTC');
 //date_default_timezone_set('America/Chicago');
@@ -74,19 +75,23 @@ function prepare_dir($dir,$delete_files=TRUE){
 unset($_GET,$_POST,$_FILES,$_SERVER,$_COOKIE);
 
 //prepare to extract data
-require_once('../components/raw_data.php');
+//require_once('../components/raw_data.php');
+require_once dirname(__DIR__) . '/components/raw_data.php';
 
 //prepare to compile institutions
-require_once('../components/institutions.php');
+//require_once('../components/institutions.php');
+require_once dirname(__DIR__) . '/components/institutions.php';
 
 //prepare to fetch information about user agent strings
-require_once('../components/user_agent_strings.php');
+//require_once('../components/user_agent_strings.php');
+require_once dirname(__DIR__) . '/components/user_agent_strings.php';
 
 //unzip all files
 //run extract_data on each file
 //run compile_institutions on each resulting file
 //run get_data_for_user_agent_string and save new strings
-require_once('../components/unzip.php');
+//require_once('../components/unzip.php');
+require_once dirname(__DIR__) . '/components/unzip.php';
 
 
 
@@ -115,4 +120,4 @@ function prepare_dir($dir,$delete_files=TRUE){
 
 alert('info','Current RAM usage: '.round(memory_get_usage()/1024/1024,2).
 	'MB<br>Max RAM usage: '.round(memory_get_peak_usage()/1024/1024,2).
-	'MB<br>RAM usage limit: '.ini_get('memory_limit'));
\ No newline at end of file
+	'MB<br>RAM usage limit: '.ini_get('memory_limit'));