# This file is located at /etc/nginx/sites-available/example.com and symlinked to
# /etc/nginx/sites-enabled/example.com
# Plain-HTTP virtual host for the bare domain. It serves no content of its own:
# ACME challenge requests are let through and every other request is
# redirected to the Mastodon web host over HTTPS.
server {
# Binds the TCP port 80 (IPv4 and IPv6).
listen 80;
listen [::]:80;
# Defines the domain or subdomain name.
# If no server_name is defined in a server block then
# Nginx uses the 'empty' name
server_name example.com;
# Allow this path so certbot can obtain SSL certificates.
# This prefix location keeps challenge requests out of the catch-all
# redirect in "location /" below.
# NOTE(review): no root is set in this server block, so challenge files are
# looked up under a root inherited from the http context or nginx's default;
# a webroot-based certbot run needs that to match - confirm the certbot mode.
location /.well-known/acme-challenge/ {
allow all;
}
# Initially, I was a little more selective with redirecting requests...
# But since right now "example.com" is not being used, I just decided
# I would redirect everything.
# NOTE(review): a blanket redirect is fine while the bare domain hosts nothing
# else; if example.com later serves its own content, go back to redirecting
# only the discovery endpoints listed in the disabled block below.
# location ~ \/.well-known/(host-meta|webfinger|nodeinfo)\/?(.*)$ {
# return 301 https://mastodon.example.com$request_uri;
# }
location / {
# CORS header sent on the redirect response itself. Presumably it is here for
# browser-based clients: a cross-origin fetch (e.g. of /.well-known/webfinger)
# only follows a redirect whose response passes the CORS check. add_header
# without "always" still applies, because 301 is one of the status codes it
# covers.
# NOTE(review): the wildcard origin exposes nothing here since this block only
# redirects; revisit it if this server block ever returns real content.
add_header Access-Control-Allow-Origin '*';
# Permanent (301) redirect of every remaining request to the Mastodon host,
# keeping the original path and query string ($request_uri).
return 301 https://mastodon.example.com$request_uri;
}
}
# HTTPS virtual host for the bare domain: terminates TLS with the
# Let's Encrypt certificate for example.com and redirects every request to
# the Mastodon web host.
server {
# Binds TCP port 443 (IPv4 and IPv6) with TLS and HTTP/2 enabled.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are refused.
ssl_protocols TLSv1.2 TLSv1.3;
# OpenSSL cipher string: HIGH-strength suites only, excluding unauthenticated
# (aNULL), unencrypted (NULL) and SHA-1 based suites. This list governs the
# TLS 1.2 suites; TLS 1.3 suites are selected separately by the TLS library.
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
# The server's cipher order wins over the client's preference.
ssl_prefer_server_ciphers on;
# Session cache named "SSL", 10 MB, shared between all worker processes.
ssl_session_cache shared:SSL:10m;
# Session tickets are disabled, so session resumption relies on the shared
# cache above.
ssl_session_tickets off;
# Certificate chain and private key under the Let's Encrypt live directory.
# Both directives are active as written, so the files must already exist at
# these paths when nginx loads this file; otherwise the configuration fails
# to load.
# NOTE(review): on a host that has no certificate yet, keep this HTTPS server
# block disabled until one has been issued.
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Catch-all permanent redirect to the Mastodon host, keeping path and query
# string.
# NOTE(review): unlike the port-80 server block, no
# Access-Control-Allow-Origin header is added to this redirect - confirm
# whether browser clients that reach this name over HTTPS need it.
location / {
return 301 https://mastodon.example.com$request_uri;
}
}
Mastodon Nginx configuration for LOCAL_DOMAIN server.