Nginx - generic TLS & non-TLS apex/naked domain redirect configuration.
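# Stripped down for illustrative purposes.
#
# Catch-all TLS and non-TLS servers that redirect an apex/naked domain to its
# www. host. The TLS server picks the certificate per handshake from files
# named after the SNI host name (or the local IPv4 address when no SNI is sent).

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;

    server {
        listen 80;
        server_name localhost;

        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        listen 443 ssl default_server;

        # Released lua-nginx-module versions expose this hook as
        # ssl_certificate_by_lua_block / ssl_certificate_by_lua_file; the
        # quoted-string form below is kept as the author wrote it.
        # The Lua code must not contain single quotes (they would end the string).
        ssl_certificate_by_lua '
            local ssl = require "ngx.ssl"
            local byte = string.byte
            local cert_dir = "/usr/local/openresty/nginx/ssl/"

            -- Read a whole file; returns nil plus an error message on failure
            -- instead of raising, so the caller decides how the handshake ends.
            -- NOTE: io.open blocks the worker for every handshake; cache the
            -- DER data (for example in a lua_shared_dict) for real traffic.
            local function read_file(path)
                local f, open_err = io.open(path, "rb")
                if not f then
                    return nil, open_err
                end
                local data = f:read("*a")
                f:close()
                return data
            end

            local server_name = ssl.server_name()

            -- Check for SNI request.
            if server_name == nil then
                ngx.log(ngx.INFO, "SNI Not present - performing IP lookup")

                -- Only a 4-byte IPv4 address can be formatted below; an IPv6
                -- or unix-socket listener would yield a bogus name.
                local addr, addrtyp, err = ssl.raw_server_addr()
                if not addr or addrtyp ~= "inet" then
                    ngx.log(ngx.ERR, "no usable IPv4 server address: ",
                            tostring(err or addrtyp))
                    return ngx.exit(ngx.ERROR)
                end

                -- Set server name as IP address.
                server_name = string.format("%d.%d.%d.%d", byte(addr, 1), byte(addr, 2), byte(addr, 3), byte(addr, 4))
                ngx.log(ngx.INFO, "IP Address: ", server_name)
            end

            -- The SNI value is chosen by the client and becomes part of a
            -- file path, so accept host-name characters only (no slash, no
            -- NUL). The raw value is deliberately not written to the log.
            if server_name == "" or #server_name > 253
               or server_name:find("[^%w%.%-]") then
                ngx.log(ngx.ERR, "rejecting server name with unexpected characters")
                return ngx.exit(ngx.ERROR)
            end

            -- Set certificate paths (locals: a global here would be shared
            -- between concurrent handshakes in the same worker).
            local cert_path = cert_dir .. server_name .. ".der"
            local key_path = cert_dir .. server_name .. ".key.der"

            -- Load both files before touching the connection so an unknown
            -- host name fails with one clear log line.
            local cert_data, cert_err = read_file(cert_path)
            if not cert_data then
                ngx.log(ngx.ERR, "failed to read DER cert: ", cert_err)
                return ngx.exit(ngx.ERROR)
            end

            local pkey_data, key_err = read_file(key_path)
            if not pkey_data then
                ngx.log(ngx.ERR, "failed to read DER key: ", key_err)
                return ngx.exit(ngx.ERROR)
            end

            -- Drop the static fallback certificate configured below.
            local ok, err = ssl.clear_certs()
            if not ok then
                ngx.log(ngx.ERR, "failed to clear existing certs: ", err)
                return ngx.exit(ngx.ERROR)
            end

            -- Attempt to set certificate for request.
            ok, err = ssl.set_der_cert(cert_data)
            if not ok then
                ngx.log(ngx.ERR, "failed to set DER cert: ", err)
                return ngx.exit(ngx.ERROR)
            end

            -- Attempt to set key for request.
            ok, err = ssl.set_der_priv_key(pkey_data)
            if not ok then
                ngx.log(ngx.ERR, "failed to set DER key: ", err)
                return ngx.exit(ngx.ERROR)
            end
        ';

        # Static pair nginx needs in order to start the ssl listener; the Lua
        # handler above replaces it per handshake. Keep every key file in this
        # directory readable by the nginx user only.
        ssl_certificate /usr/local/openresty/nginx/ssl/default.litespeed.io.pem;
        ssl_certificate_key /usr/local/openresty/nginx/ssl/default.litespeed.io.com.key;

        # TLSv1 and TLSv1.1 are deprecated and no longer offered; add TLSv1.3
        # where the nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;

        location / {
            # $request_uri already carries the query string; "rewrite" would
            # append the arguments a second time, "return" does not.
            # $host is taken from the request when no server_name matches, so
            # on this default server the redirect target is client-influenced;
            # restrict it to the expected domains before production use.
            return 301 https://www.$host$request_uri;

            # for testing
            # content_by_lua '
            # ngx.header["Content-Type"] = "text/plain"
            # ngx.status = 201 ngx.say("foo")
            # ngx.exit(201)';
        }
    }

    server {
        listen 80 default_server;

        location / {
            # Same redirect as the TLS server; see the notes there about the
            # query string and the client-supplied $host.
            return 301 https://www.$host$request_uri;
        }
    }
}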