|
|
@ -1,5 +1,4 @@ |
|
|
|
# redirect http to https |
|
|
|
|
|
|
|
server { |
|
|
|
listen [::]:80; |
|
|
|
server_name {{ second_domains }}; |
|
|
@ -7,31 +6,17 @@ server { |
|
|
|
} |
|
|
|
|
|
|
|
# conf for https |
|
|
|
|
|
|
|
server { |
|
|
|
listen [::]:443; |
|
|
|
server_name {{ second_domains }}; |
|
|
|
|
|
|
|
|
|
|
|
# conf for LE ACME |
|
|
|
location ~ /.well-known/acme-challenge/ { |
|
|
|
default_type "text/plain"; |
|
|
|
root /var/lib/acme/challenges ; |
|
|
|
} |
|
|
|
location = /.well-known/acme-challenge/ { |
|
|
|
return 404; |
|
|
|
} |
|
|
|
include /etc/nginx/includes/le-acme.conf; |
|
|
|
include /etc/nginx/includes/ssl.conf ; |
|
|
|
include /etc/nginx/includes/add-headers.conf ; |
|
|
|
|
|
|
|
# TLS conf |
|
|
|
ssl on; |
|
|
|
ssl_certificate /etc/nginx/sites/{{ main_domain }}/{{ main_domain }}.chained; |
|
|
|
ssl_certificate_key /etc/nginx/sites/{{ main_domain }}/{{ main_domain }}.key; |
|
|
|
ssl_session_timeout 5m; |
|
|
|
ssl_prefer_server_ciphers on; |
|
|
|
add_header Strict-Transport-Security max-age=2678400; |
|
|
|
ssl_dhparam /etc/nginx/dh4096.pem; |
|
|
|
ssl_session_cache shared:SSL:50m; |
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/sites/{{ main_domain }}/{{ main_domain }}.chained; |
|
|
|
ssl_certificate_key /etc/nginx/sites/{{ main_domain }}/{{ main_domain }}.key; |
|
|
|
|
|
|
|
# reverse proxy |
|
|
|
location / { |
|
|
@ -42,5 +27,3 @@ server { |
|
|
|
proxy_set_header X-Forwarded-Ssl on; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|