Last active
June 25, 2020 16:45
-
-
Save cite/6740733 to your computer and use it in GitHub Desktop.
SSL/SNI for s9y blog.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # HTTP server for redirects only | |
| server { | |
| server_name www.incertum.net incertum.net www.stefan-foerster.de stefan-foerster.de; | |
| listen 80 default_server; | |
| listen [::]:80 ipv6only=on default_server; | |
| return 301 https://$host$request_uri; | |
| } | |
| # (www\.)?incertum.net - SSL | |
| server { | |
| ssl_certificate /etc/ssl/private/www.incertum.net.crt.nginx; | |
| ssl_certificate_key /etc/ssl/private/www.incertum.net.key; | |
| listen 443 ssl default_server; | |
| listen [2a01:4f8:140:4422:5054:ff:fec8:b1c5]:443 ssl default_server; | |
| server_name www.incertum.net incertum.net; | |
| include /etc/nginx/common-ssl; | |
| include /etc/nginx/sites-available/s9y.conf; | |
| } | |
| # (www\.)?stefan-foerster.de - SSL | |
| server { | |
| ssl_certificate /etc/ssl/private/www.stefan-foerster.de.crt.nginx; | |
| ssl_certificate_key /etc/ssl/private/www.stefan-foerster.de.key; | |
| listen 443 ssl; | |
| listen [2a01:4f8:140:4422::b]:443 ssl default_server; | |
| server_name www.stefan-foerster.de stefan-foerster.de; | |
| include /etc/nginx/common-ssl; | |
| include /etc/nginx/sites-available/s9y.conf; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The part I was missing in getting my s9y working with SSL/SNI was changing the site URL in main configuration to be protocol-relative:
//domaininstead ofhttp://domain