Last active
April 30, 2020 13:07
-
-
Save nnzo/010b5c1726817b53d4e3a6e076ca5b86 to your computer and use it in GitHub Desktop.
Ngnix Reverse Proxy using let's encrypto SSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file is located at /etc/nginx/sites-enabled/default | |
| # Replace the entire contents of the file with this | |
| server { | |
| listen 9196 default_server; | |
| server_name pool.flame.exchange; | |
| rewrite ^ https://$host$request_uri? permanent; | |
| } | |
| server { | |
| listen 443 ssl; | |
| # if you wish, you can use the below line for listen instead | |
| # which enables HTTP/2 | |
| # requires nginx version >= 1.9.5 | |
| # listen 443 ssl http2; | |
| server_name pool.flame.exchange; | |
| ssl_certificate /etc/letsencrypt/live/pool.flame.exchange/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/pool.flame.exchange/privkey.pem; | |
| # Turn on OCSP stapling as recommended at | |
| # https://community.letsencrypt.org/t/integration-guide/13123 | |
| # requires nginx version >= 1.3.7 | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| # Uncomment this line only after testing in browsers, | |
| # as it commits you to continuing to serve your site over HTTPS | |
| # in future | |
| # add_header Strict-Transport-Security "max-age=31536000"; | |
| access_log /var/log/nginx/sub.log combined; | |
| # maintain the .well-known directory alias for renewals | |
| location /.well-known { | |
| alias /var/www/sub.domain.com/.well-known; | |
| } | |
| location / { | |
| # proxy commands go here as in your port 80 configuration | |
| proxy_pass http://localhost:80/; | |
| proxy_redirect http://localhost:80/ https://host/; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment