So the story goes that I'm a cheap person and my friend wants a free blog site as well, so I decided to just put something up for this. Long story short: I assume you already know how to use certbot to obtain an SSL certificate from Let's Encrypt, so you're ready to go.

Assume you have two domains you need to serve: ea.com and sub.eb.com. What you really need to do is handle 4 types of URL requests:

Remember how nginx works: it reads all *.conf files in /etc/nginx/sites-enabled/, and the common practice is to make soft links there from sites-available. We essentially need 4 blocks of code:

 server {
     listen 80;
     server_name ea.com;
     # Keep the ACME challenge path reachable over plain HTTP for certbot.
     location ~ ^/\.well-known/ {
         root /var/www/ea/;
     }
     # Redirect everything else to HTTPS. A server-level "return" runs before
     # location matching and would shadow the block above, so it lives here.
     location / {
         return 301 https://ea.com$request_uri;
     }
 }

 server {
     listen *:443 ssl;
     server_name ea.com; # Replace with your domain
     access_log /var/log/nginx/www_ss.log;
     ssl_certificate /etc/letsencrypt/live/ea.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/ea.com/privkey.pem;
     include /etc/nginx/h5bp/h5bp/directive-only/ssl.conf;
     include /etc/nginx/h5bp/h5bp/directive-only/ssl-stapling.conf;
     # The SPDY module was replaced by HTTP/2 in nginx 1.9.5, so this include
     # only applies to older builds.
     include /etc/nginx/h5bp/h5bp/directive-only/spdy.conf;
     location ~ ^/\.well-known/ {
         root /var/www/ea/;
     }
     location / {
         # Forward to the local blog process and tell it the original
         # host, client address and scheme.
         proxy_pass http://localhost:23387;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_buffering off;
     }
 }

And repeat for sub.eb.com.
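
Rather than copying the two blocks by hand for each domain, the script below renders the HTTP and HTTPS blocks for any domain and enables them through the usual sites-available symlink. It is an added example, not part of the original post; the function names, the web root /var/www/eb/ and the upstream port 23388 for sub.eb.com are assumed values.

```shell
# Added example: render the HTTP + HTTPS server blocks for one domain.
# Web root and upstream port used for sub.eb.com below are assumptions.
render_vhost() {
    domain=$1 webroot=$2 port=$3
    cat <<EOF
server {
    listen 80;
    server_name $domain;
    # ACME HTTP-01 challenge files stay reachable over plain HTTP.
    location ~ ^/\.well-known/ {
        root $webroot;
    }
    location / {
        return 301 https://$domain\$request_uri;
    }
}

server {
    listen *:443 ssl;
    server_name $domain;
    ssl_certificate     /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    include /etc/nginx/h5bp/h5bp/directive-only/ssl.conf;
    include /etc/nginx/h5bp/h5bp/directive-only/ssl-stapling.conf;
    location ~ ^/\.well-known/ {
        root $webroot;
    }
    location / {
        proxy_pass http://localhost:$port;
        proxy_set_header Host \$http_host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_buffering off;
    }
}
EOF
}

# Write the config, enable it via a symlink, reload only if the config parses.
install_vhost() {
    conf=/etc/nginx/sites-available/$1.conf
    render_vhost "$1" "$2" "$3" > "$conf"
    ln -sf "$conf" "/etc/nginx/sites-enabled/$1.conf"
    nginx -t && nginx -s reload
}

# With three arguments (run as root) install the vhost; otherwise just preview.
if [ "$#" -eq 3 ]; then install_vhost "$@"; else render_vhost sub.eb.com /var/www/eb/ 23388; fi
```

Run it once per domain after certbot has issued that domain's certificate, since `nginx -t` fails if the certificate files are missing.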