So the story goes that I'm a cheap person and my friend wants a free blog site as well so I decide to just put up something for this. Long story short, assume you know how to use certbot to obtain an SSL certificate from Let's encrypt. You're ready to go.
Assume you have two domains you need to use: ea.com sub.eb.com, what you really need to do is to handle 4 types of url requests:
http://ea.com -> redirect to https
http://sub.eb.com -> redirect to https
(you can similartly set up redirect for eb.com -> sub.eb.com, which is trivial)
Remember how nginx
works, i.e: it reads all *.conf
in /etc/nginx/site-enabled/
and the common practice is to make soft links from site-avaliable
. We essentially need 4 blocks of code:
server { server_name ea.com listen 80; return 301 https://ea.com/; location ~ ^/.well-known/{ root /var/www/ea/; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_pass http://localhost:23387; } } server { listen *:443 ssl; server_name ea.com; # Replace with your domain access_log /var/log/nginx/www_ss.log; ssl_certificate /etc/letsencrypt/live/ea.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ea.com/privkey.pem; include /etc/nginx/h5bp/h5bp/directive-only/ssl.conf; include /etc/nginx/h5bp/h5bp/directive-only/ssl-stapling.conf; include /etc/nginx/h5bp/h5bp/directive-only/spdy.conf; location ~ ^/.well-known/{ root /var/www/ea/; } location / { proxy_pass http://localhost:23387; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; } }
And repeat for sub.eb.com