robotnealan/sites-available-ghost-www

## sites-available-ghost-www
server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
        return 301 https://www.yourdomain.com$request_uri;
}

server {
        listen 443 ssl;
        server_name yourdomain.com;
        return 301 $scheme://www.yourdomain.com$request_uri;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

        ssl_prefer_server_ciphers On;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}

server {
        listen 443 ssl;

        server_name www.yourdomain.com;

        root /var/www/ghost;
        index index.html index.htm;
        client_max_body_size 10G;

        location / {
                proxy_pass http://localhost:2368;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_buffering off;
        }

        ssl on;
        ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

        ssl_prefer_server_ciphers On;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

        location ~ ^/(sitemap.xml|robots.txt) {
                root /var/www/ghost/public;
        }

        location ~ ^/.well-known {
               root /var/www;
        }
}
	server {
	listen 80;
	server_name yourdomain.com www.yourdomain.com;
	return 301 https://www.yourdomain.com$request_uri;
	}

	server {
	listen 443 ssl;
	server_name yourdomain.com;
	return 301 $scheme://www.yourdomain.com$request_uri;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

	ssl_prefer_server_ciphers On;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	}

	server {
	listen 443 ssl;

	server_name www.yourdomain.com;

	root /var/www/ghost;
	index index.html index.htm;
	client_max_body_size 10G;

	location / {
	proxy_pass http://localhost:2368;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_buffering off;
	}

	ssl on;
	ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

	ssl_prefer_server_ciphers On;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

	location ~ ^/(sitemap.xml\|robots.txt) {
	root /var/www/ghost/public;
	}

	location ~ ^/.well-known {
	root /var/www;
	}
	}