diff options
| author | cyfraeviolae <cyfraeviolae> | 2024-04-03 03:24:02 -0400 |
|---|---|---|
| committer | cyfraeviolae <cyfraeviolae> | 2024-04-03 03:24:02 -0400 |
| commit | 2fccdbb1ef6b64d254e043e4a90f6fc1b19aba1b (patch) | |
| tree | bf033d321383f2ddc14100568c4eac6712d63603 | |
| parent | 9a5a187b810b7f259dc1b46f2cdf7790d27098cf (diff) | |
tls
| -rw-r--r-- | cyfraeviolae.conf | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/cyfraeviolae.conf b/cyfraeviolae.conf index e44838c..ab4c109 100644 --- a/cyfraeviolae.conf +++ b/cyfraeviolae.conf @@ -93,8 +93,7 @@ server { } server { - listen 80 quietreading.org; - # server_name _; + server_name quietreading.org; # return 301 https://$host$request_uri; location ~ /\. { deny all; @@ -112,6 +111,25 @@ server { expires 1h; add_header Cache-Control "public"; } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/quietreading.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/quietreading.org/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = quietreading.org) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name quietreading.org; + return 404; # managed by Certbot + + } # server { |