62 lines
1.3 KiB
Plaintext
62 lines
1.3 KiB
Plaintext
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
server_tokens off;
|
|
charset utf-8;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name $DOMAIN www.$DOMAIN;
|
|
|
|
# Allow Certbot to access the ACME challenge
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/certbot;
|
|
}
|
|
|
|
# Redirect everything else to HTTPS
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
http2 on;
|
|
server_name $DOMAIN www.$DOMAIN;
|
|
|
|
root /etc/nginx/html;
|
|
index index.html;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
location ~ /.well-known/acme-challenge/ {
|
|
root /var/www/certbot;
|
|
}
|
|
|
|
location = /posts {
|
|
return 301 /posts/;
|
|
}
|
|
|
|
location /posts/ {
|
|
proxy_pass http://$BACKEND_HOST:8080/posts;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
}
|
|
|
|
}
|