Update nginx config to use Letsencrypt

2023-02-07 22:41:51 +01:00 · 2023-02-07 22:41:51 +01:00 · 310ab108cb
commit 310ab108cb
parent 11b004c69e
2 changed files with 24 additions and 2 deletions
--- a/1
+++ b/1
@ -13,4 +13,5 @@ COPY --from=build /app/build /usr/share/nginx/html
 RUN rm /etc/nginx/conf.d/default.conf
 COPY config/nginx/nginx.conf /etc/nginx/conf.d
 EXPOSE 80
+EXPOSE 443
 CMD ["nginx", "-g", "daemon off;"]
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@ -1,5 +1,22 @@
 server {
-  listen 80;
+    server_name matsubara.nl www.matsubara.nl;
+    listen 80;
+    listen [::]:80;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+  server_name matsubara.nl www.matsubara.nl;
+  server_tokens off;
+
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  # These two directives define the paths to the TLS certificate and secret key.
+  # These will be provisioned using Certbot and mounted into the Nginx container in the next step.
+  ssl_certificate /etc/letsencrypt/live/matsubara.nl-0002/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/matsubara.nl-0002/privkey.pem;

  location / {
    root   /usr/share/nginx/html;
@ -16,4 +33,8 @@ server {
  location = /50x.html {
    root   /usr/share/nginx/html;
  }
+
+  location /.well-known/acme-challenge/ {
+      root /var/www/certbot;
+  }
 }