server-configs-nginx/sites-available/ssl.example.com

54 lines
1.4 KiB
Plaintext
Raw Normal View History

# Choose between www and non-www, listen on the *wrong* one and redirect to
2018-11-23 14:45:12 +01:00
# the right one -- https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#server-name-if
#
server {
2014-08-21 01:32:02 +02:00
listen [::]:80;
listen 80;
# listen on both hosts
server_name example.com www.example.com;
# and redirect to the https host (declared below)
# avoiding http://www -> https://www -> https:// chain.
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
# listen on the wrong host
server_name www.example.com;
2018-11-25 19:13:33 +01:00
include h5bp/ssl/ssl_engine.conf;
include h5bp/ssl/policy_intermediate.conf;
# and redirect to the non-www host (declared below)
return 301 https://example.com$request_uri;
}
server {
# listen [::]:443 ssl http2 accept_filter=dataready; # for FreeBSD
# listen 443 ssl http2 accept_filter=dataready; # for FreeBSD
# listen [::]:443 ssl http2 deferred; # for Linux
# listen 443 ssl http2 deferred; # for Linux
listen [::]:443 ssl http2;
listen 443 ssl http2;
# The host name to respond to
server_name example.com;
2018-11-25 19:13:33 +01:00
include h5bp/ssl/ssl_engine.conf;
include h5bp/ssl/policy_intermediate.conf;
# Path for static files
root /var/www/example.com/public;
# Custom 404 page
error_page 404 /404.html;
# Include the basic h5bp config set
include h5bp/basic.conf;
}