Skip to content
Browse files

Use ssl for main site

upgrade non ssl trafic
add webhook endpoint
  • Loading branch information...
1 parent 71da57f commit fb7d3a3146def5f1ceef3ae0e2628f0eb6f1aed5 @BerkeleyTrue BerkeleyTrue committed
Showing with 41 additions and 47 deletions.
  1. +41 −47 default-server.nginx.conf
View
88 default-server.nginx.conf
@@ -1,68 +1,40 @@
-
# prevent non freecodecamp traffic
server {
# returning 444 here will immediately drop the connection
return 444;
}
-
-# setup to redirect those that get to fcc through https
-# this will send them a minimal page that will redirect them to non https site once loaded.
-# express handles serving the page that will redirect them
+# redirect root to www subdomain
+server {
+ listen 80;
+ server_name freecodecamp.com;
+ return 301 $scheme://www.freecodecamp.com$request_uri;
+}
server {
listen 443 ssl;
- server_name freecodecamp.com www.freecodecamp.com;
-
+ server_name freecodecamp.com;
ssl on;
- ssl_certificate /etc/nginx/ssl/freecodecamp/freecodecamp.com.chained.crt;
- ssl_certificate_key /etc/nginx/ssl/freecodecamp/freecodecamp.key;
-
- error_page 500 502 503 504 /500.html;
-
- location = /500-oops.html {
- root /home/freecodecamp/static;
- }
-
- location = /main.css {
- root /home/freecodecamp/static;
- }
-
- location / {
- include /etc/nginx/mime.types;
- proxy_pass http://127.0.0.1:1337;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection 'upgrade';
- proxy_set_header Host $host;
-
- proxy_read_timeout 60;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Real-IP $remote_addr;
-
- proxy_cache_bypass $http_upgrade;
-
- proxy_buffering on;
- proxy_buffer_size 1k;
- proxy_buffers 24 4k;
- proxy_busy_buffers_size 8k;
- proxy_max_temp_file_size 2048m;
- proxy_temp_file_write_size 32k;
- }
+ ssl_certificate /etc/nginx/ssl/freecodecamp.com.chained.crt;
+ ssl_certificate_key /etc/nginx/ssl/freecodecamp.key;
+ return 301 $scheme://www.freecodecamp.com$request_uri;
}
-# redirect root to www subdomain
+# upgrade ssl
server {
listen 80;
- server_name freecodecamp.com;
-
- return 301 $scheme://www.freecodecamp.com$request_uri;
+ server_name www.freecodecamp.com;
+ return 301 https://www.freecodecamp.com$request_uri;
}
-# main server
+# ssl
server {
- listen 80;
+ listen 443 ssl;
server_name www.freecodecamp.com;
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/freecodecamp.com.chained.crt;
+ ssl_certificate_key /etc/nginx/ssl/freecodecamp.key;
+
# general error
error_page 500 501 502 503 /500-oops.html;
@@ -117,3 +89,25 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
+server {
+ listen 80;
+ server_name webhook.freecodecamp.com;
+
+ location / {
+ include /etc/nginx/mime.types;
+
+ proxy_pass <%= prbot ip address %>
+ proxy_http_version 1.1;
+
+ proxy_read_timeout 60;
+ proxy_cache_bypass $http_upgrade;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+
+ # add client's IP to proxy request to upstream node servers
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+}

0 comments on commit fb7d3a3

Please sign in to comment.
Something went wrong with that request. Please try again.