From: nutra-bot Date: Mon, 27 Jun 2022 19:14:06 +0000 (+0000) Subject: copy from helio X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=3da4d13569b5515226f80e76fbf37b644fb169e9;p=nutratech%2Fvps-root.git copy from helio --- diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index 2265c55..0122502 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default @@ -1,16 +1,13 @@ -upstream deveast.linode.poczatek.dev { +upstream vps76.heliohost.us { keepalive 100; server 127.0.0.1:20000; # server unix:/tmp/sanic.sock; } server { - server_name deveast.linode.poczatek.dev; + server_name vps76.heliohost.us; # listen 443 ssl http2 default_server; - # listen [::]:443 ssl http2 default_server; - listen 80 default_server; - listen [::]:80 http2 default_server; - ssl off; + listen [::]:443 ssl http2 default_server; # Serve static files if found, otherwise proxy to Sanic location / { root /var/www; 
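Review bot: The application server block becomes the `default_server` for `[::]:443`, so a TLS request with any Host name that no other block matches is answered by the app and proxied to Sanic. On IPv4 the same likely happens implicitly, because the explicit line stays commented out and the first block declaring `listen 443 ssl;` (added in the next hunk) is used as the default. If only `vps76.heliohost.us` is meant to reach the upstream, drop `default_server` here and add a separate catch-all for 443 that refuses unknown names, for example a block with `ssl_reject_handshake on;` (nginx 1.19.4 or later). Also delete the leftover `# listen 443 ssl http2 default_server;` so the file states one listener per address family. The server block continues past the end of this hunk.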
@@ -23,30 +20,42 @@ server { proxy_request_buffering off; proxy_buffering off; # Proxy forwarding (password configured in app.config.FORWARDED_SECRET) - proxy_set_header forwarded "$proxy_forwarded;secret=\"secret\""; + proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\""; # Allow websockets and keep-alive (avoid connection: close) proxy_set_header connection "upgrade"; proxy_set_header upgrade $http_upgrade; } + # default favicon location = /favicon.ico { alias /www/ntserv/static/favicon.gif; } + listen 80; # managed by Certbot + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/vps76.heliohost.us/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vps76.heliohost.us/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + } -# Redirect all to HTTP no-WWW + +# Redirect all HTTP to HTTPS with no-WWW server { - listen 80; - server_name _; - rewrite ^(.*) http://$host$1 permanent; + listen 80 default_server; + listen [::]:80 default_server; + server_name ~^(?:www\.)?(.*)$; + return 301 https://$1$request_uri; } -#server { - #listen 80 default_server; - #listen [::]:80 default_server; -# server_name ~^(?:www\.)?(.*)$; -# return 301 http://$1$request_uri; -#} +# Redirect WWW to no-WWW +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ~^www\.(.*)$; + return 301 $scheme://$1$request_uri; +}
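Review bot: The Certbot-added `listen 80;` inside the `vps76.heliohost.us` server block means plain-HTTP requests for that name never reach the new redirect block. nginx prefers an exact `server_name` match over the regex `~^(?:www\.)?(.*)$`, even though the redirect block is marked `default_server`, so the application stays reachable over cleartext on port 80. Remove `listen 80;` from the application block so that port 80 is handled only by the redirect. Separately, the redirect target is built from the client-supplied Host header through `$1`; pinning it, as in `return 301 https://vps76.heliohost.us$request_uri;`, avoids reflecting arbitrary host names into the `Location` header. The application server block starts before this hunk.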