Enable SSL in Nginx configuration

2025-09-09 23:12:51 +00:00 · 2025-09-09 15:38:40 +03:00
parent b195e58c8f
commit d2222d9c2e
1 changed files with 32 additions and 32 deletions
--- a/files/nginx/conf/000-default.conf
+++ b/files/nginx/conf/000-default.conf
@@ -19,7 +19,7 @@ server {
        root   /usr/share/nginx/html;
        index  index.html index.htm;

-        #return 301 https://$host$request_uri;
+        return 301 https://$host$request_uri;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ )
@@ -28,43 +28,43 @@ server {
    }
 }

-# server {
+server {

-#     listen  443 ssl default_server;
-#     listen  [::]:443 ssl default_server;
+    listen  443 ssl default_server;
+    listen  [::]:443 ssl default_server;

-#     server_name _;
+    server_name _;

-#     http2 on;
+    http2 on;

-#     ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
-#     ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
-#     ssl_protocols TLSv1.2 TLSv1.3;
-#     ssl_ecdh_curve X25519:prime256v1:secp384r1;
-#     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
-#     ssl_prefer_server_ciphers off;
-#     ssl_session_cache shared:SSL:20m;
-#     ssl_session_timeout 180m;
+    ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ecdh_curve X25519:prime256v1:secp384r1;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:20m;
+    ssl_session_timeout 180m;

-#     ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
+    ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;

-#     expires off;
-#     etag off;
-#     if_modified_since off;
+    expires off;
+    etag off;
+    if_modified_since off;

-#     gzip on;
-#     gzip_min_length 1000;
-#     gzip_proxied any;
-#     gzip_types *;
-#     gunzip on;
+    gzip on;
+    gzip_min_length 1000;
+    gzip_proxied any;
+    gzip_types *;
+    gunzip on;

-#     location / {
-#         root   /usr/share/nginx/html;
-#         index  index.html index.htm;
-#     }
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }

-#     if ($request_method !~ ^(GET|HEAD|POST)$ )
-#     {
-#        return 405;
-#     }
-# }
+    if ($request_method !~ ^(GET|HEAD|POST)$ )
+    {
+       return 405;
+    }
+}