Skip to content

Instantly share code, notes, and snippets.

@jirutka

jirutka/acme-challenge.conf

Created November 24, 2018 15:15
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jirutka/2aafe59b1a39467f75cfb799d49d99f3 to your computer and use it in GitHub Desktop.
Save jirutka/2aafe59b1a39467f75cfb799d49d99f3 to your computer and use it in GitHub Desktop.
Download ZIP
nginx example
Raw
acme-challenge.conf
#
# Server challenge directory for Let's encrypt!
#
location /.well-known/acme-challenge/ {
alias /var/www/acme/;
}
Raw
default.conf
# Default server
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/ssl/acme/www.example.org/fullchain.pem;
ssl_certificate_key /etc/ssl/acme/private/www.example.org/privkey.pem;
include incl/acme-challenge.conf;
location / {
rewrite ^ https://www.example.org$request_uri? permanent;
}
}
Raw
foo.example.org.conf
server {
listen 443 http2 ssl;
server_name foo.example.org;
access_log /var/log/nginx/foo.example.org.access.log main;
error_log /var/log/nginx/foo.example.org.error.log warn;
ssl_certificate /etc/ssl/acme/foo.example.org/fullchain.pem;
ssl_certificate_key /etc/ssl/acme/private/foo.example.org/privkey.pem;
add_header Strict-Transport-Security "max-age=315360000";
location / {
proxy_pass http://internal:8080;
include incl/proxy-headers.conf;
}
}
server {
listen 80;
server_name foo.example.org;
include incl/acme-challenge.conf;
include incl/redirect-https.conf;
}
Raw
proxy-headers.conf
#
# Set common proxy headers
#
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Raw
redirect-https.conf
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment