- nginx/ssl.conf: full HTTPS config with HTTP→HTTPS redirect, modern TLS settings, HSTS header, and ACME challenge passthrough for renewals - nginx/certbot-init.conf: minimal HTTP config for initial cert provisioning - docker-compose.ssl.yml: compose override adding port 443, certbot volumes, and auto-renewal sidecar container - docs/DEPLOYMENT.md: comprehensive 3-phase SSL walkthrough (obtain cert, enable SSL, auto-renewal) with day-to-day usage and revert instructions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Temporary nginx config — used ONLY during the initial certbot certificate
# request. Once the cert is obtained, switch to ssl.conf and restart nginx.
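server {
    # Plain-HTTP listener used only while the first certificate is requested.
    # Nothing served here is encrypted, so this file must not stay active
    # once ssl.conf is in place.
    listen 80;
    server_name _;

    # Certbot ACME challenge (HTTP-01). With `root`, a request for
    # /.well-known/acme-challenge/<token> is read from
    # /var/www/certbot/.well-known/acme-challenge/<token>, so that directory
    # should hold nothing but challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Return 503 for everything else so it's obvious this is not the real app
    location / {
        # A `return` with a body takes its Content-Type from default_type.
        # add_header without `always` is not applied to a 503 response, so it
        # never set the type here; with `always` it would add a second header.
        default_type text/plain;
        return 503 "SSL certificate is being provisioned. Try again in a minute.\n";
    }
}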