Note: If you want to use main_y config, you need a directory of snippets.
$ tree snippets
snippets
├── self-signed.conf
├── ssl
│ ├── portal.crt
│ └── portal.key
└── ssl-params.conf
Created
February 29, 2020 19:14
-
-
Save icarrr/b6d594bd59f0123b8cb0f71824f9ef89 to your computer and use it in GitHub Desktop.
example conf nginx using ssl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Deploy SSL by Certbot | |
| server { | |
| server_name sibunglon.com; | |
| access_log /var/log/nginx/portal-access.log; | |
| error_log /var/log/nginx/portal-error.log warn; | |
| location / { | |
| root /site/public_html/; | |
| index index.html index.htm; | |
| add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; | |
| expires off; | |
| } | |
| listen 443 ssl; # managed by Certbot | |
| ssl_certificate /etc/letsencrypt/live/sibunglon.com/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/sibunglon.com/privkey.pem; # managed by Certbot | |
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| } | |
| server { | |
| if ($host = sibunglon.com) { | |
| return 301 https://$host$request_uri; | |
| } # managed by Certbot | |
| server_name sibunglon.com; | |
| listen 80; | |
| return 404; # managed by Certbot | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Deploy SSL yourself | |
| server { | |
| listen 443 ssl; | |
| server_name sibunglon.com; | |
| access_log /var/log/nginx/portal-access.log; | |
| error_log /var/log/nginx/portal-error.log warn; | |
| include /snippets/self-signed.conf; | |
| include /snippets/ssl-params.conf; | |
| client_max_body_size 20M; | |
| location / { | |
| root /site/public_html/; | |
| index index.html index.htm; | |
| add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; | |
| expires off; | |
| } | |
| } | |
| server { | |
| if ($host = sibunglon.com) { | |
| return 301 https://$host$request_uri; | |
| } | |
| server_name sibunglon.com; | |
| listen 80; | |
| return 404; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl_certificate /deployments/configurations/nginx/snippets/ssl/portal.crt; | |
| ssl_certificate_key /deployments/configurations/nginx/snippets/ssl/portal.key; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; | |
| ssl_prefer_server_ciphers on; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment