jmercouris/nginx.conf

## nginx.conf

#user  nobody;
worker_processes  1;

# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
#error_log  /var/log/nginx/error.log;
#

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  atlas.engineer;
        return       301 https://$host$request_uri;
    }

    server {
        listen       443 ssl;
        server_name  atlas.engineer;

        ssl_certificate      /usr/local/etc/letsencrypt/live/atlas.engineer/fullchain.pem;
        ssl_certificate_key  /usr/local/etc/letsencrypt/live/atlas.engineer/privkey.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location ~ /.well-known {
            allow all;
        }

        location / {
            try_files $uri @backend;
        }

        location @backend {
            include /usr/local/etc/nginx/fastcgi_params;
            fastcgi_pass  127.0.0.1:9000;
        }
    }
}

########################################################################
# ERROR
########################################################################

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/atlas.engineer/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: atlas.engineer
   Type:   unauthorized
   Detail: Invalid response from
   https://atlas.engineer/.well-known/acme-challenge/x2lM_-Gafz43_3WOg5DigEmPHepXzPlKplytKUDFTfo
   [68.183.29.129]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
   Transitional//EN\"
   \"http://www.w3.org/TR/html4/loose.dtd\"><html><title>Atlas</title>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

	#user nobody;
	worker_processes 1;

	# This default error log path is compiled-in to make sure configuration parsing
	# errors are logged somewhere, especially during unattended boot when stderr
	# isn't normally logged anywhere. This path will be touched on every nginx
	# start regardless of error log location configured here. See
	# https://trac.nginx.org/nginx/ticket/147 for more info.
	#
	#error_log /var/log/nginx/error.log;
	#

	#pid logs/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include mime.types;
	default_type application/octet-stream;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;

	sendfile on;
	#tcp_nopush on;

	#keepalive_timeout 0;
	keepalive_timeout 65;

	#gzip on;

	server {
	listen 80;
	server_name atlas.engineer;
	return 301 https://$host$request_uri;
	}

	server {
	listen 443 ssl;
	server_name atlas.engineer;

	ssl_certificate /usr/local/etc/letsencrypt/live/atlas.engineer/fullchain.pem;
	ssl_certificate_key /usr/local/etc/letsencrypt/live/atlas.engineer/privkey.pem;

	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 5m;

	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	location ~ /.well-known {
	allow all;
	}

	location / {
	try_files $uri @backend;
	}

	location @backend {
	include /usr/local/etc/nginx/fastcgi_params;
	fastcgi_pass 127.0.0.1:9000;
	}
	}
	}

	########################################################################
	# ERROR
	########################################################################

	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	** DRY RUN: simulating 'certbot renew' close to cert expiry
	** (The test certificates below have not been saved.)

	All renewal attempts failed. The following certs could not be renewed:
	/usr/local/etc/letsencrypt/live/atlas.engineer/fullchain.pem (failure)
	** DRY RUN: simulating 'certbot renew' close to cert expiry
	** (The test certificates above have not been saved.)
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	1 renew failure(s), 0 parse failure(s)

	IMPORTANT NOTES:
	- The following errors were reported by the server:

	Domain: atlas.engineer
	Type: unauthorized
	Detail: Invalid response from
	https://atlas.engineer/.well-known/acme-challenge/x2lM_-Gafz43_3WOg5DigEmPHepXzPlKplytKUDFTfo
	[68.183.29.129]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
	Transitional//EN\"
	\"http://www.w3.org/TR/html4/loose.dtd\"><html><title>Atlas</title>"

	To fix these errors, please make sure that your domain name was
	entered correctly and the DNS A/AAAA record(s) for that domain
	contain(s) the right IP address.