Skip to content

Instantly share code, notes, and snippets.

@icarrr

icarrr/README.md

Created Feb 29, 2020
Embed
What would you like to do?
example conf nginx using ssl

Note: If you want to use main_y config, you need a directory of snippets.

$ tree snippets
snippets
├── self-signed.conf
├── ssl
│   ├── portal.crt
│   └── portal.key
└── ssl-params.conf
# Deploy SSL by Certbot
server {
server_name sibunglon.com;
access_log /var/log/nginx/portal-access.log;
error_log /var/log/nginx/portal-error.log warn;
location / {
root /site/public_html/;
index index.html index.htm;
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sibunglon.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sibunglon.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sibunglon.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name sibunglon.com;
listen 80;
return 404; # managed by Certbot
}
# Deploy SSL yourself
server {
listen 443 ssl;
server_name sibunglon.com;
access_log /var/log/nginx/portal-access.log;
error_log /var/log/nginx/portal-error.log warn;
include /snippets/self-signed.conf;
include /snippets/ssl-params.conf;
client_max_body_size 20M;
location / {
root /site/public_html/;
index index.html index.htm;
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
}
}
server {
if ($host = sibunglon.com) {
return 301 https://$host$request_uri;
}
server_name sibunglon.com;
listen 80;
return 404;
}
ssl_certificate /deployments/configurations/nginx/snippets/ssl/portal.crt;
ssl_certificate_key /deployments/configurations/nginx/snippets/ssl/portal.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment