51 lines
1.7 KiB
Plaintext
51 lines
1.7 KiB
Plaintext
|
# /etc/nginx/sites-available/puffinoffset.com
|
||
|
|
|
||
|
|
# 1) Redirect all HTTP to HTTPS, except the ACME challenge path
|
||
|
|
server {
|
||
|
|
listen 80;
|
||
|
|
server_name puffinoffset.com;
|
||
|
|
|
||
|
|
# Allow certbot to do HTTP-01 challenges
|
||
|
|
location ^~ /.well-known/acme-challenge/ {
|
||
|
|
root /var/www/html; # adjust if your webroot differs
|
||
|
|
try_files $uri =404;
|
||
|
|
}
|
||
|
|
|
||
|
|
# Redirect everything else to HTTPS
|
||
|
|
location / {
|
||
|
|
return 301 https://$host$request_uri;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
# 2) HTTPS server block: reverse-proxy to your Docker app on localhost:3800
|
||
|
|
server {
|
||
|
|
listen 443 ssl http2;
|
||
|
|
server_name puffinoffset.com;
|
||
|
|
|
||
|
|
# === SSL certs from Let's Encrypt ===
|
||
|
|
# ssl_certificate /etc/letsencrypt/live/puffinoffset.com/fullchain.pem;
|
||
|
|
# ssl_certificate_key /etc/letsencrypt/live/puffinoffset.com/privkey.pem;
|
||
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # from certbot
|
||
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # from certbot
|
||
|
|
|
||
|
|
# === Proxy all traffic to your Node app ===
|
||
|
|
location / {
|
||
|
|
proxy_pass http://127.0.0.1:3800;
|
||
|
|
proxy_http_version 1.1;
|
||
|
|
proxy_set_header Upgrade $http_upgrade;
|
||
|
|
proxy_set_header Connection "upgrade";
|
||
|
|
proxy_set_header Host $host;
|
||
|
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
|
# increase timeouts if your app sometimes takes longer to respond:
|
||
|
|
proxy_read_timeout 90;
|
||
|
|
}
|
||
|
|
|
||
|
|
# Optional: serve static assets directly if you ever add any here
|
||
|
|
# location /static/ {
|
||
|
|
# root /var/www/puffinoffset.com;
|
||
|
|
# try_files $uri $uri/ =404;
|
||
|
|
# }
|
||
|
|
}
|