Skip to main content

Установка nginx для https, получение сертификата letsencrypt

Nginx conf

server {
  set $csp_address         "127.0.0.1";

  listen 443 ssl;
  listen [::]:443 ssl;
  server_name mydomain.ru;

  error_log /var/logs/nginx/error.log warn;

  location / {
    #Websocket support
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;

    # Let's Encrypt SSL
    include conf.d/include/letsencrypt-acme-challenge.conf;
    include conf.d/include/ssl-ciphers.conf;
    ssl_certificate /etc/letsencrypt/live/xxxx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxx/privkey.pem;

    #Proxy
    client_max_body_size 512m;
    add_header       X-Served-By $host;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_pass       http://$csp_address:80$request_uri;
  }

  location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      root /var/www/letsencrypt;
  }

}
Back to top