0609c680e0
- actually create letsencrypt challenge directory - point default server-blocks to proper LE directory - fix access and error logging for LE requests - update server-block configuration comment headers
42 lines
923 B
Plaintext
42 lines
923 B
Plaintext
#
|
|
# Default SECURED server block with LetsEncrypt support
|
|
#
|
|
|
|
server {
|
|
listen 80;
|
|
include /etc/nginx/server_names.conf;
|
|
|
|
# default redirect to properly formed HTTPS location
|
|
location / {
|
|
return 301 https://$host:<HTTPS_PORT>$request_uri;
|
|
}
|
|
|
|
# process Let's Encrypt challenges
|
|
location ^~ /.well-known/acme-challenge {
|
|
# log requests for security reasons
|
|
access_log /var/log/nginx/access.log main;
|
|
error_log /var/log/nginx/error.log warn;
|
|
|
|
default_type text/plain;
|
|
root /usr/share/nginx/letsencrypt;
|
|
autoindex on;
|
|
}
|
|
|
|
# error pages
|
|
include /etc/nginx/errorpages.conf;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
include /etc/nginx/server_names.conf;
|
|
|
|
# ssl certificates
|
|
include /etc/nginx/ssl_certs.conf;
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# error pages
|
|
include /etc/nginx/errorpages.conf;
|
|
} |