Advertisement
zashkurka

nginx lets encrypt

Jun 3rd, 2024
770
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 4.02 KB | None | 0 0
  1. # Redirect the server's IP address to the default server's hostname.
  2. server {
  3.   listen 80;
  4.   listen [::]:80;
  5.   listen 443 ssl http2;
  6.   listen [::]:443 ssl http2;
  7.  
  8.   server_name 206.189.253.183;
  9.  
  10.   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  11.   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  12.   ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
  13.  
  14.   return 301 https://example.com$request_uri;
  15. }
  16.  
  17. # Redirect www to main domain.
  18. server {
  19.   listen 80;
  20.   listen [::]:80;
  21.   listen 443 ssl http2;
  22.   listen [::]:443 ssl http2;
  23.  
  24.   server_name www.example.com;
  25.  
  26.   access_log syslog:server=unix:/dev/log,facility=user,tag=dtp main;
  27.  
  28.   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  29.   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  30.   ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
  31.  
  32.   return 301 https://example.com$request_uri;
  33. }
  34.  
  35. # HTTP links subdomain
  36. server {
  37.   listen 80;
  38.   listen [::]:80;
  39.  
  40.   server_name url660.example.com;
  41.  
  42.   root /srv/example/public;
  43.  
  44.   location ~* ^/.well-known {
  45.     root /srv/example/public;
  46.     allow all;
  47.   }
  48.  
  49.   location / {
  50.  
  51.     proxy_set_header Host $host;
  52.     proxy_set_header X-Real-IP $remote_addr;
  53.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  54.     proxy_set_header X-Forwarded-Proto $scheme;
  55.  
  56.     proxy_send_timeout 300s;
  57.  
  58.     proxy_pass http://sendgrid.net;
  59.   }
  60. }
  61.  
  62. # Added this to get cert for url660 working
  63. server {
  64.   listen       443 ssl;
  65.   listen       [::]:443 ssl;
  66.   server_name url660.example.com;
  67.  
  68.   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  69.   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  70.   ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
  71.  
  72.   location / {
  73.  
  74.     proxy_set_header Host $host;
  75.     proxy_set_header X-Real-IP $remote_addr;
  76.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  77.     proxy_set_header X-Forwarded-Proto $scheme;
  78.  
  79.     proxy_ssl_session_reuse on;
  80.     proxy_send_timeout 300s;
  81.  
  82.     proxy_pass https://sendgrid.net;
  83.   }
  84. }
  85.  
  86. # Redirect HTTP to HTTPS
  87. server {  
  88.     listen 80;
  89.     listen [::]:80;
  90.     server_name example.com;
  91.  
  92.  
  93.     root /srv/example/public;
  94.  
  95.     location ~* ^/.well-known {
  96.       root /srv/example/public;
  97.       allow all;
  98.     }
  99.  
  100.     location / {
  101.       return 301 https://example.com$request_uri;
  102.     }
  103. }
  104.  
  105.  
  106.  
  107. # Main Server Block to Virtual Host
  108. server {
  109.   listen       443 ssl;
  110.   listen       [::]:443 ssl;
  111.   server_name  example.com;
  112.  
  113.   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  114.   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  115.   ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
  116.  
  117.   root /srv/example/public;
  118.   index index.html;
  119.   error_page 502 /502.html;
  120.  
  121.   location / {
  122.     #if ($remote_addr != "67.243.133.205") {
  123.       #return 503;
  124.     #}
  125.     try_files $uri @proxy;
  126.   }
  127.  
  128.   #error_page 503 @maintenance;
  129.   #location @maintenance {
  130.     #rewrite ^(.*)$ /maintenance.html break;
  131.   #}
  132.  
  133.   location @proxy {
  134.     proxy_redirect off;
  135.     proxy_http_version 1.1;
  136.     proxy_set_header Upgrade $http_upgrade;
  137.     proxy_set_header Connection $connection_upgrade;
  138.     proxy_set_header Proxy '';
  139.     proxy_set_header Host $http_host;
  140.     proxy_set_header X-Forwarded-Proto $scheme;
  141.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  142.     proxy_set_header X-Real-IP $remote_addr;
  143.  
  144.     set $backend http://127.0.0.1:8000;
  145.     proxy_pass $backend;
  146.   }
  147.  
  148.   location ~ ^/(assets|static|css|styles|stylesheets|js|scripts|javascripts|img|images|fonts|videos|uploads|vendor)/.*\. {
  149.     gzip_static always;
  150.  
  151.     expires 1y;
  152.  
  153.     add_header Cache-Control "public";
  154.     add_header ETag "";
  155.   }
  156.  
  157.   location = /favicon.ico {
  158.     access_log off;
  159.     try_files /favicon.ico =204;
  160.   }
  161.  
  162.   error_page 404 /404.html;
  163.     location = /40x.html {
  164.   }
  165.  
  166.   error_page 500 502 503 504 /50x.html;
  167.     location = /50x.html {
  168.   }
  169. }
  170.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement