Skip to content

Instantly share code, notes, and snippets.

@robotnealan
Created January 25, 2017 02:23
Show Gist options
  • Save robotnealan/7d694ad31fec10c670cdcd4fba143de9 to your computer and use it in GitHub Desktop.
Save robotnealan/7d694ad31fec10c670cdcd4fba143de9 to your computer and use it in GitHub Desktop.
DigitalOcean LetsEncrypt Nginx Config: www. Edition
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://www.yourdomain.com$request_uri;
}
server {
listen 443 ssl;
server_name yourdomain.com;
return 301 $scheme://www.yourdomain.com$request_uri;
ssl on;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
server {
listen 443 ssl;
server_name www.yourdomain.com;
root /var/www/ghost;
index index.html index.htm;
client_max_body_size 10G;
location / {
proxy_pass http://localhost:2368;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
location ~ ^/(sitemap.xml|robots.txt) {
root /var/www/ghost/public;
}
location ~ ^/.well-known {
root /var/www;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment