fix:Fix the issue of nginx address occupation during the process of obtaining ssl certificates using certbot

backend/docker/Dockerfile

@@ -42,17 +42,8 @@ RUN npm install -g pnpm pm2
 #echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list
 #apt update && apt-get install yarn -y
 
-## Install Nginx with HTTP/3 support
-RUN apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring && \
-    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
-    | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
-    gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg && \
-    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
-    http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
-     | tee /etc/apt/sources.list.d/nginx.list && \
-    echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
-     | sudo tee /etc/apt/preferences.d/99nginx && \
-    apt update && apt install nginx
+## Install Nginx
+RUN apt install nginx
 
 #clean up
 RUN apt-get clean autoclean

backend/docker/Nginx/default

@@ -6,26 +6,11 @@ return 301 https://$server_name$request_uri;
 
 server {
 
-# No longer listening on public 443/TCP, change to listening on internal port
-
-listen 127.0.0.1:4443 ssl http2; # Listen on TCP port 443, supporting HTTP/2 and SSL
-
-# QUIC/HTTP3 continues to listen on public UDP 443
-
-listen 443 quic reuseport; # Listen on UDP port 443 for QUIC and HTTP/3 # 'reuseport' allows multiple worker processes to share the same port, recommended for QUIC
-
-    # Ensure that the SSL protocol includes at least TLSv1.3, as HTTP/3 requires TLSv1.3
-    ssl_protocols TLSv1.3 TLSv1.2; # Make sure TLSv1.3 is at the front
-
-    # Add HTTP/3 specific headers to inform the browser that HTTP/3 is available
-    # Alt-Svc (Alternative Service) header
-    # h3=":443" indicates that HTTP/3 is available on the current domain and port 443
-    # ma=86400 means this information is cached for 24 hours (86400 seconds)
-    add_header Alt-Svc 'h3=":443"; ma=86400';
-
-    # (Optional, but recommended) Enable 0-RTT data to further reduce latency
-    # Requires support from both client and server
-    ssl_early_data on;
+    # No longer listening on public 443/TCP, change to listening on internal port
+    listen 127.0.0.1:4443 ssl;
+    http2 on;
+    
+    ssl_protocols TLSv1.2 TLSv1.3;
 
     server_name YourDomain www.YourDomain;
 

backend/docker/env_install.sh

@@ -16,37 +16,7 @@ sudo apt-get update
 sudo apt install -y nodejs
 sudo npm install -g pnpm pm2
 
-# Install Nginx (with HTTP/3 support, Ubuntu example)
-# Reference: https://nginx.org/en/linux_packages.html#Ubuntu
-
-# 1.  **Install prerequisites:**
-    
-sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
-    
-# 2.  **Import Nginx signing key:**
-    
-curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
-    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
-    
-# 3.  **Verify the key:**
-    
-gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
-# Expected fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
-    
-# 4.  **Set up the apt repository for stable Nginx packages:**
-    
-echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
-http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
-    | sudo tee /etc/apt/sources.list.d/nginx.list
-    
-# 5.  **Set up repository pinning:**
-    
-echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
-    | sudo tee /etc/apt/preferences.d/99nginx
-    
-# 6.  **Install Nginx:**
-    
-sudo apt update
+# Install Nginx
 sudo apt install -y nginx
 
 sudo apt-get clean autoclean

docs/DEPLOYMENT.md

@@ -117,14 +117,16 @@ In production, Nginx will act as the entry point for all traffic, handling SSL t
       ```
       Then, edit `frontend/.env.production` to set `NEXT_PUBLIC_API_URL` to your backend service domain (e.g., `https://privydrop.app`).
 
-2.  **Install Nginx:** It's recommended to install a newer version that supports HTTP/3.
+2.  **Install Nginx:**
+    ```bash
+    sudo apt install -y nginx
+    ```
 
 3.  **Firewall:**
     Open 'Nginx Full' default ports and 443/udp:
 
     ```bash
         sudo ufw allow 'Nginx Full'
-        sudo ufw allow 443/udp
         sudo ufw reload # or ufw enable
     ```
 

docs/DEPLOYMENT.zh-CN.md

@@ -117,14 +117,15 @@ cd backend && npm run build && cd ..
       ```
       然后编辑 `frontend/.env.production`，配置 `NEXT_PUBLIC_API_URL` 为您的后端服务域名 (例如 `https://privydrop.app`)。
 
-2.  **安装 Nginx:** 推荐安装支持 HTTP/3 的较新版本。
-
+2.  **安装 Nginx:**
+    ```bash
+    sudo apt install -y nginx
+    ```
 3.  **防火墙:**
     打开'Nginx Full'默认端口以及 443/udp
 
     ```bash
         sudo ufw allow 'Nginx Full'
-        sudo ufw allow 443/udp
         sudo ufw reload # 或 ufw enable
     ```