Use ssl for main site

upgrade non ssl trafic add webhook endpoint
FreeCodeCamp · fb7d3a3146def5f1ceef3ae0e2628f0eb6f1aed5 · BerkeleyTrue committed Mar 16, 2016 · Mar 16, 2016 · fb7d3a3
1 parent 71da57f
commit fb7d3a3146def5f1ceef3ae0e2628f0eb6f1aed5
Unified Split

Showing with 41 additions and 47 deletions.

+41 −47 default-server.nginx.conf
@@ -1,68 +1,40 @@
-
 # prevent non freecodecamp traffic
 server {
     # returning 444 here will immediately drop the connection
     return 444;
 }
 
-
-# setup to redirect those that get to fcc through https
-# this will send them a minimal page that will redirect them to non https site once loaded.
-# express handles serving the page that will redirect them
+# redirect root to www subdomain
+server {
+    listen 80;
+    server_name freecodecamp.com;
+    return 301 $scheme://www.freecodecamp.com$request_uri;
+}
 server {
     listen 443 ssl;
-    server_name freecodecamp.com www.freecodecamp.com;
-
+    server_name freecodecamp.com;
     ssl on;
-    ssl_certificate /etc/nginx/ssl/freecodecamp/freecodecamp.com.chained.crt;
-    ssl_certificate_key /etc/nginx/ssl/freecodecamp/freecodecamp.key;
-
-    error_page 500 502 503 504 /500.html;
-
-    location = /500-oops.html {
-        root /home/freecodecamp/static;
-    }
-
-    location = /main.css {
-        root /home/freecodecamp/static;
-    }
-
-    location / {
-        include /etc/nginx/mime.types;
-        proxy_pass http://127.0.0.1:1337;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-
-        proxy_read_timeout 60;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Real-IP $remote_addr;
-
-        proxy_cache_bypass $http_upgrade;
-
-        proxy_buffering on;
-        proxy_buffer_size 1k;
-        proxy_buffers 24 4k;
-        proxy_busy_buffers_size 8k;
-        proxy_max_temp_file_size 2048m;
-        proxy_temp_file_write_size 32k;
-    }
+    ssl_certificate /etc/nginx/ssl/freecodecamp.com.chained.crt;
+    ssl_certificate_key /etc/nginx/ssl/freecodecamp.key;
+    return 301 $scheme://www.freecodecamp.com$request_uri;
 }
 
-# redirect root to www subdomain
+# upgrade ssl
 server {
     listen 80;
-    server_name freecodecamp.com;
-
-    return 301 $scheme://www.freecodecamp.com$request_uri;
+    server_name www.freecodecamp.com;
+    return 301 https://www.freecodecamp.com$request_uri;
 }
 
-# main server
+# ssl
 server {
-    listen 80;
+    listen 443 ssl;
     server_name www.freecodecamp.com;
 
+    ssl on;
+    ssl_certificate /etc/nginx/ssl/freecodecamp.com.chained.crt;
+    ssl_certificate_key /etc/nginx/ssl/freecodecamp.key;
+
     # general error
     error_page 500 501 502 503 /500-oops.html;
 
@@ -117,3 +89,25 @@ server {
         proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
     }
 }
+server {
+    listen 80;
+    server_name webhook.freecodecamp.com;
+
+    location / {
+        include /etc/nginx/mime.types;
+
+        proxy_pass <%= prbot ip address %>
+        proxy_http_version 1.1;
+
+        proxy_read_timeout 60;
+        proxy_cache_bypass $http_upgrade;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+
+        # add client's IP to proxy request to upstream node servers
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}