From 6b4f0b9478081268ff32c0442cd7b37a5e263cb2 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Thu, 6 Jan 2022 07:15:46 +0100
Subject: [PATCH] updated nginx config for ssl

---
 .../nginx/sites-available/gradido.conf        | 30 +++++++++++++++++--
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf
index c80776513..82384243f 100644
--- a/deployment/bare_metal/nginx/sites-available/gradido.conf
+++ b/deployment/bare_metal/nginx/sites-available/gradido.conf
@@ -1,9 +1,33 @@
+# HTTP server
+server {
+    if ($host = stage1.gradido.net) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    server_name stage1.gradido.net;
+    listen 80;
+    listen [::]:80;
+    return 404; # managed by Certbot
+
+
+}
+
+# HTTPS Server
 server {
     # TODO correct server name stage1.gradido.net
     server_name stage1.gradido.net;
     #server_name 0.0.0.0;
-    listen 80;
-    listen [::]:80;
+    #listen 80;
+    #listen [::]:80;
+
+    # TODO
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/stage1.gradido.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/stage1.gradido.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
     #include /etc/nginx/common/protect.conf;
     #include /etc/nginx/common/protect_add_header.conf;
@@ -42,7 +66,7 @@ server {
     }
 
     # Admin Frontend
-    location /admin/ {
+    location /admin {
         proxy_http_version 1.1;
         proxy_set_header   Upgrade $http_upgrade;
         proxy_set_header   Connection 'upgrade';