|
@@ -0,0 +1,24 @@
|
|
1
|
+server {
|
|
2
|
+ listen 80 default_server;
|
|
3
|
+ listen [::]:80 default_server;
|
|
4
|
+
|
|
5
|
+ server_name _;
|
|
6
|
+
|
|
7
|
+ # From: https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622
|
|
8
|
+ location ^~ /.well-known/acme-challenge/ {
|
|
9
|
+ default_type "text/plain";
|
|
10
|
+ alias /letsencrypt/well-known/;
|
|
11
|
+ }
|
|
12
|
+
|
|
13
|
+ # Hide /acme-challenge subdirectory and return 404 on all requests.
|
|
14
|
+ # It is somewhat more secure than letting Nginx return 403.
|
|
15
|
+ # Ending slash is important!
|
|
16
|
+ location = /.well-known/acme-challenge/ {
|
|
17
|
+ return 404;
|
|
18
|
+ }
|
|
19
|
+
|
|
20
|
+ # Redirects all default HTTP traffic to HTTPS.
|
|
21
|
+ location / {
|
|
22
|
+ return 301 https://$host$request_uri;
|
|
23
|
+ }
|
|
24
|
+}
|