@no-jochs
Last active July 13, 2023 15:03
Mastodon Nginx configuration for LOCAL_DOMAIN server.
# This file is located at /etc/nginx/sites-available/example.com and symlinked to
# /etc/nginx/sites-enabled/example.com


server {
  # Binds the TCP port 80.
  listen 80;
  listen [::]:80;

  # Defines the domain or subdomain name.
  # If no server_name is defined in a server block then
  # Nginx uses the 'empty' name
  server_name example.com;

  # Allow this path so certbot can obtain SSL certificates.
  location /.well-known/acme-challenge/ {
    allow all;
  }

  # Initially, I was a little more selective with redirecting requests...
  # But since right now "example.com" is not being used, I just decided
  # I would redirect everything. I'm not sure if that's a bad idea.
  # location ~ \/.well-known/(host-meta|webfinger|nodeinfo)\/?(.*)$ {
  #   return 301 https://mastodon.example.com$request_uri;
  # }

  location / {
    # Not entirely sure why this header is required?
    add_header Access-Control-Allow-Origin '*';
    # Redirect every request to the Mastodon host, preserving the
    # original path and query string.
    return 301 https://mastodon.example.com$request_uri;
  }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name example.com;

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;

  # Comment these lines out until you acquire a certificate:
  ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  
  location / {
    return 301 https://mastodon.example.com$request_uri;
  } 
}