Note: If you want to use the main_y config, you need a snippets directory laid out like this:
$ tree snippets
snippets
├── self-signed.conf
├── ssl
│ ├── portal.crt
│ └── portal.key
└── ssl-params.conf
# Deploy SSL by Certbot
# HTTPS virtual host for sibunglon.com. Certbot added the lines tagged
# "managed by Certbot"; leave the tags in place when editing by hand.
server {
    server_name sibunglon.com;

    access_log /var/log/nginx/portal-access.log;
    error_log  /var/log/nginx/portal-error.log warn;

    location / {
        root  /site/public_html/;
        index index.html index.htm;

        # Ask browsers and intermediaries not to store or reuse responses.
        # Without the "always" flag, add_header is applied only to a fixed
        # set of success/redirect status codes, not to error responses.
        add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        expires off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sibunglon.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sibunglon.com/privkey.pem; # managed by Certbot
    # Protocol, cipher and session settings for this listener come from the
    # Certbot-shipped include below, not from this file.
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Port-80 companion of the Certbot-managed HTTPS host: plain-HTTP requests
# for the site are redirected to HTTPS, anything else reaching this block
# gets 404.
server {
    listen 80;
    server_name sibunglon.com;

    # $host is taken from the request, but the equality test pins it to the
    # site name, so the redirect target cannot be steered by the client.
    if ($host = sibunglon.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}
# Deploy SSL yourself
# HTTPS virtual host for sibunglon.com using a certificate you manage
# yourself; certificate paths and TLS policy are pulled in from snippets.
server {
    listen 443 ssl;
    server_name sibunglon.com;

    access_log /var/log/nginx/portal-access.log;
    error_log  /var/log/nginx/portal-error.log warn;

    # NOTE(review): these includes use the absolute path /snippets/, while the
    # certificate paths on this page live under
    # /deployments/configurations/nginx/snippets/ - confirm the snippets
    # directory is really available at /snippets on the host or container.
    include /snippets/self-signed.conf;   # ssl_certificate / ssl_certificate_key
    include /snippets/ssl-params.conf;    # protocols, ciphers, cipher preference

    # Upper bound on request body size accepted by this host.
    client_max_body_size 20M;

    location / {
        root  /site/public_html/;
        index index.html index.htm;

        # Ask browsers and intermediaries not to store or reuse responses.
        # Without the "always" flag, add_header is applied only to a fixed
        # set of success/redirect status codes, not to error responses.
        add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        expires off;
    }
}
# Port-80 companion of the self-managed HTTPS host: plain-HTTP requests for
# the site are redirected to HTTPS, anything else reaching this block gets 404.
server {
    listen 80;
    server_name sibunglon.com;

    # $host is taken from the request, but the equality test pins it to the
    # site name, so the redirect target cannot be steered by the client.
    if ($host = sibunglon.com) {
        return 301 https://$host$request_uri;
    }

    return 404;
}
# Certificate and private key for the self-managed HTTPS host (presumably
# the contents of snippets/self-signed.conf - confirm against the repo).
# portal.key is a private key: keep it out of version control and readable
# only by the account that starts nginx.
ssl_certificate     /deployments/configurations/nginx/snippets/ssl/portal.crt;
ssl_certificate_key /deployments/configurations/nginx/snippets/ssl/portal.key;
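# TLS policy for the self-managed HTTPS host (presumably the contents of
# snippets/ssl-params.conf - confirm against the repo).

# TLS 1.0 and 1.1 are deprecated (RFC 8996) and rejected by current browsers;
# offer only 1.2 and 1.3. TLSv1.3 needs nginx 1.13.0+ built against
# OpenSSL 1.1.1+; on an older build remove it rather than re-adding TLSv1/1.1.
ssl_protocols TLSv1.2 TLSv1.3;

# A single OpenSSL cipher string: the list syntax has no "or", so only one
# alternative may appear here. This one keeps the HIGH group and excludes
# anonymous (unauthenticated), MD5-based and 3DES suites.
ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";

# Use the server's cipher order instead of the client's for TLS 1.2 and below.
ssl_prefer_server_ciphers on;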