cbb8595380
- use container-bound certificates by default - do not use separate certificate loading include
39 lines
860 B
Plaintext
39 lines
860 B
Plaintext
#
|
|
# Default SECURED server block with LetsEncrypt support
|
|
#
|
|
|
|
server {
|
|
listen 80;
|
|
include /etc/nginx/server_names.conf;
|
|
|
|
# default redirect to properly formed HTTPS location
|
|
location / {
|
|
return 301 https://$host:<HTTPS_PORT>$request_uri;
|
|
}
|
|
|
|
# process Let's Encrypt challenges
|
|
location ^~ /.well-known/acme-challenge {
|
|
# log requests for security reasons
|
|
access_log /var/log/nginx/access.log main;
|
|
error_log /var/log/nginx/error.log warn;
|
|
|
|
default_type text/plain;
|
|
root /usr/share/nginx/letsencrypt;
|
|
autoindex on;
|
|
}
|
|
|
|
# error pages
|
|
include /etc/nginx/errorpages.conf;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
include /etc/nginx/server_names.conf;
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# error pages
|
|
include /etc/nginx/errorpages.conf;
|
|
} |