server {
listen 80;
listen [::]:80;
server_name vmetrics.nethence.com;
access_log /var/log/nginx/vmetrics.access.log main;
error_log /var/log/nginx/vmetrics.error.log warn;
location / {
return 301 https://$host$request_uri;
}
# deal with http-01 challenges (no http2 there)
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
# trailing slash matters
alias /var/www/dehydrated/;
}
ssi off;
autoindex off;
autoindex_exact_size off;
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /apple-touch-icon { access_log off; log_not_found off; }
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name vmetrics.nethence.com;
http2 on;
access_log /var/log/nginx/vmetrics.access.ssl.log mainssl;
error_log /var/log/nginx/vmetrics.error.ssl.log warn;
# http-01 sample
ssl_certificate /etc/dehydrated/certs/vmetrics.nethence.com/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/vmetrics.nethence.com/privkey.pem;
ssl_certificate /etc/dehydrated/certs/ECC/vmetrics.nethence.com/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/ECC/vmetrics.nethence.com/privkey.pem;
auth_basic "restricted area";
auth_basic_user_file passwd;
location / {
proxy_pass http://127.0.0.1:8428/;
}
ssi off;
autoindex on;
autoindex_exact_size off;
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /apple-touch-icon { access_log off; log_not_found off; }
}