более корректный пример

Никита Миропольский
Commit 660be5af authored Nov 17, 2016 by Никита Миропольский
Showing 1 changed file with 36 additions and 19 deletions
nginx.conf
--- a/nginx.conf
+++ b/nginx.conf
 server {
-    # слушаем порты и настраиваем SSL:
-    listen 80;
-    listen 443 ssl;
+  listen 80;
+  server_name ggg.ashmanov.com;
+  server_tokens off;

-    # сертификаты для сервера
-    ssl_certificate     /var/cache/acme/site.crt;
-    ssl_certificate_key /var/cache/acme/site.key;
+  access_log  /var/log/nginx/gitlab_access.log;
+  error_log   /var/log/nginx/gitlab_error.log;

-    # простейшая защита от XSS 
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Content-Type-Options nosniff;
-    add_header X-Frame-Options DENY;
-
-    # запросы acme-challenge
-    location ~ ^/\.well-known/acme-challenge/([a-zA-Z0-9_-]*)$ { 
+  # запросы acme-challenge
+  location ~ ^/\.well-known/acme-challenge/([a-zA-Z0-9_-]*)$ {
      default_type "text/plain";
      alias /var/cache/acme/challenges/$1;
-    }
+  }
+  
+  # остальные запросы 
+  location / {
+    return 301 https://$server_name$request_uri;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name ggg.ashmanov.com;
+  server_tokens off;
+
+  access_log  /var/log/nginx/gitlab_ssl_access.log;
+  error_log   /var/log/nginx/gitlab_ssl_error.log;
+
+  ssl_certificate     /var/cache/acme/site.crt;
+  ssl_certificate_key /var/cache/acme/site.key;
+
+  # простейшая защита от XSS 
+  add_header X-XSS-Protection "1; mode=block";
+  add_header X-Content-Type-Options nosniff;
+  add_header X-Frame-Options DENY;
+
+  if ($http_host != $server_name) {
+      return 301 https://$server_name$request_uri;
+  }

-    # редирект на https
-    if ($scheme != https) {
-      rewrite ^ https://$http_host$request_uri permanent;
-    }
-} 
+  include gitlab.conf;
+}