Ok you have a site and you’d like to redirect http to https, but you’d also like to use certbot renew
to update certificates.
/etc/nginx/acme.conf
1 2 3 4 5 6 7 |
location /.well-known { alias /var/www/acme/.well-known; location ~ /.well-known/(.*) { default_type text/plain; } } |
/etc/nginx/vhosts/example.com
1 2 3 4 5 6 7 8 9 |
server { listen 80; listen [::]:80; server_name example.com; include /etc/nginx/acme.conf; location / { return 301 https://$host$request_uri; } } |
and for completeness sake
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log; error_log /var/log/nginx/example.com.error.log; location / { proxy_pass unix:/var/run/example.com.sock; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; } } |