Skip to content

Instantly share code, notes, and snippets.

@jokesterfr

jokesterfr/Nginx conf for let's encrypt

Created February 24, 2016 13:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jokesterfr/790b87c955a2516492f7 to your computer and use it in GitHub Desktop.
Save jokesterfr/790b87c955a2516492f7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Nginx conf for let's encrypt
# Redirects www
server {
server_name www.domain.tld;
return 301 $scheme://domain.tld$request_uri;
}
# Serve HTTP
server {
listen 80;
server_name domain.tld;
# Let's encrypt challenge
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /home/http/letsencrypt-auto;
}
# Forbidds let's encrypt folder listing
location = /.well-known/acme-challenge/ {
return 404;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# Serve HTTPS
server {
listen 443 ssl;
server_name domain.tld;
access_log /var/log/nginx/domain.tld.access.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
location / {
root /srv/http/static.domain.tld;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment