Skip to content

sysadmin / acme-ssl

Go to a project
Switch branch/tag
nginx.conf 758 Bytes
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 
server {
    # слушаем порты и настраиваем SSL:
    listen 80;
    listen 443 ssl;

    # сертификаты для сервера
    ssl_certificate     /var/cache/acme/site.crt;
    ssl_certificate_key /var/cache/acme/site.key;

    # простейшая защита от XSS 
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;

    # запросы acme-challenge
    location ~ ^/\.well-known/acme-challenge/([a-zA-Z0-9_-]*)$ { 
      default_type "text/plain";
      alias /var/cache/acme/challenges/$1;
    }

    # редирект на https
    if ($scheme != https) {
      rewrite ^ https://$http_host$request_uri permanent;
    }
}