updated nginx config for ssl

2025-12-13 07:45:54 +00:00 · 2022-01-06 07:15:46 +01:00 · 2022-01-06 07:15:46 +01:00 · 6b4f0b9478
commit 6b4f0b9478
parent 40cb92d076
1 changed files with 27 additions and 3 deletions
--- a/deployment/bare_metal/nginx/sites-available/gradido.conf
+++ b/deployment/bare_metal/nginx/sites-available/gradido.conf
@ -1,9 +1,33 @@
+# HTTP server
+server {
+    if ($host = stage1.gradido.net) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    server_name stage1.gradido.net;
+    listen 80;
+    listen [::]:80;
+    return 404; # managed by Certbot
+
+
+}
+
+# HTTPS Server
 server {
    # TODO correct server name stage1.gradido.net
    server_name stage1.gradido.net;
    #server_name 0.0.0.0;
-    listen 80;
-    listen [::]:80;
+    #listen 80;
+    #listen [::]:80;
+
+    # TODO
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/stage1.gradido.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/stage1.gradido.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #include /etc/nginx/common/protect.conf;
    #include /etc/nginx/common/protect_add_header.conf;
@ -42,7 +66,7 @@ server {
    }

    # Admin Frontend
-    location /admin/ {
+    location /admin {
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';