Created
February 6, 2018 15:51
-
-
Save nix010/47dcd79d160955e2ddb4204421bf430b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sudo add-apt-repository ppa:certbot/certbot && sudo apt-get update && sudo apt-get install -y python-certbot-nginx | |
| # sudo certbot --nginx -d {domain}.com -d www.{domain}.com | |
| # django app | |
| # ... | |
| # Check cronjobs | |
| # cat /etc/cron.d/certbot | |
| # Expires map cache | |
| map $sent_http_content_type $expires { | |
| default off; | |
| text/html epoch; | |
| text/css max; | |
| application/javascript max; | |
| ~image/ max; | |
| } | |
| # Redirect from :80 to :443 | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| server_name {domain}; | |
| return 302 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2 default_server; | |
| listen [::]:443 ssl http2 default_server; | |
| server_name {domain}; | |
| # cat /etc/letsencrypt/renewal/{domain}.conf | |
| ssl_certificate_key /etc/letsencrypt/live/{domain}/privkey.pem; | |
| ssl_certificate /etc/letsencrypt/live/{domain}/cert.pem; | |
| access_log om; | |
| expires $expires; | |
| location /static/ { | |
| alias {app_dir}/{domain}/static/; | |
| } | |
| location /media/ { | |
| alias {app_dir}/{domain}/media/; | |
| } | |
| location / { | |
| proxy_pass http://127.0.0.1:{app_port}; | |
| proxy_set_header X-Forwarded-Host $server_name; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"'; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment