Last active
January 16, 2024 17:36
-
-
Save aa-ahmed-aa/69ce47b4ef5a19b5afa6052022e9c4b2 to your computer and use it in GitHub Desktop.
These nginx config will serve `https://storkplus.com`, `https://auth-api.storkplus.com` and any subdomain of `storkplus.com`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Storak Auth UI | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name storkplus.com; | |
return 301 https://$host$request_uri; | |
} | |
server { | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
server_name storkplus.com; | |
root /var/www/html/storkplus_auth_ui; | |
ssl_certificate /etc/letsencrypt/live/storkplus.com-0001/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/storkplus.com-0001/privkey.pem; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
location / { | |
try_files $uri /index.html; | |
} | |
} | |
# Storak Auth API | |
server { | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
server_name auth-api.storkplus.com; | |
ssl_certificate /etc/letsencrypt/live/auth-api.storkplus.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/auth-api.storkplus.com/privkey.pem; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
location / { | |
proxy_pass http://localhost:3000; | |
} | |
} | |
# Storak Plus (symfony) | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name *.storkplus.com; | |
return 301 https://$host$request_uri; | |
} | |
server { | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
server_name *.storkplus.com; | |
root /var/www/html/storkplus_test; | |
ssl_certificate /etc/letsencrypt/live/storkplus.com-0002/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/storkplus.com-0002/privkey.pem; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
location / { | |
try_files $uri /index.html; | |
} | |
} |
Autorenewal
By default certbot comes with auto-renewal enabled except for the wildcard certificate you need to make sure the CA need to validate you own the domain by appending TXT record on your domain
to check if autorenewal is working you can run sudo certbot renew --dry-run
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Redirect subdomains and main one to specific locations
This NGINX config will serve
https://storkplus.com
,https://auth-api.storkplus.com
and any subdomain ofstorkplus.com
but you will need to generate a certificate for this domain in the certificate paths mentioned above we will use certbot
storkplus.com
andauth-api.storkplus.com
for the static subdomain (auth-ui) and domain (storkplus.com) you can easily use certbot
certbot --nginx
and continue with the wizard it will generate the certificate and modif ythe records indefault
file (file attached abbove after certbot edited it)generate wildcard certificate
you have two options
option #1
Is to use certbot-dns-godaddy
option #2
Is to use follow generate wildcard certificate guide for certbot