Begin work on HTTPS

2026-02-05 00:14:05 +00:00 · 2019-02-01 21:36:48 +01:00 · 2019-02-01 21:36:48 +01:00 · aa46cb8e35
commit aa46cb8e35
parent 349832c64b
10 changed files with 148 additions and 0 deletions
--- a/nginx/includes/tenancy
+++ b/nginx/includes/tenancy
@ -0,0 +1,4 @@
+include includes/tenancy_base;
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
--- a/nginx/includes/tenancy_base
+++ b/nginx/includes/tenancy_base
@ -0,0 +1,31 @@
+include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
+
+access_log      /var/log/nginx/tenancy/access.log;
+error_log       /var/log/nginx/tenancy/error.log;
+rewrite_log     on;
+
+root            /var/www/laravel/tenancy/public;
+index           index.php;
+
+location / {
+    try_files   $uri $uri/ /index.php?$query_string;
+}
+
+# Remove trailing slash to please the routing system.
+if (!-d $request_filename) {
+    rewrite     ^/(.+)/$ /$1 permanent;
+}
+
+location ~* \.php$ {
+    fastcgi_pass                    unix:/var/run/php/php7.2-fpm.sock;
+    fastcgi_index                   index.php;
+    fastcgi_split_path_info         ^(.+\.php)(.*)$;
+    include                         /etc/nginx/fastcgi_params;
+    fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;
+}
+
+location ~ /\.ht {
+    deny all;
+}
--- a/nginx/sites-available/example.conf
+++ b/nginx/sites-available/example.conf
@ -0,0 +1,29 @@
+# certbot -n --staging --nginx -d tenancytest1.ml --preferred-challenges http --must-staple --agree-tos --email samuel.stancl@gmail.com
+
+# Catch-all HTTP (:80) server
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+	return 301 https://$server_name$request_uri;  # Be careful with 301.
+}
+
+# A block like this will be added for each tenant.
+# server {
+# 	include includes/tenancy;
+# 	server_name dev.localhost;
+# }
+
+# If you have some exempt domains, you should create blocks like these
+# for each domain. If you're okay with using a single certificate
+# for these domains, you can create just one block like this:
+#    server {
+#        include includes/tenancy_base;
+# 
+#        listen 443 ssl http2 default_sever;
+#        listen [::]:443 ssl http2 default_sever;
+# 
+#        ssl_certificate ...;
+#        ssl_certificate_key ...;
+#    }
+# Otherwise, use multiple server blocks with
+# server_name instead of default_server