diff --git a/nginx/.certbot.lock b/nginx/.certbot.lock deleted file mode 100644 index e69de29..0000000 diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 66e79d5..bcc9d9e 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -11,8 +11,6 @@ events { } http { -server_names_hash_bucket_size 128; -include /etc/letsencrypt/le_http_01_cert_challenge.conf; #Configuraçoes de Cache proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; diff --git a/nginx/sites-available/itguys.com.br.conf b/nginx/sites-available/itguys.com.br.conf index bff66bf..01b361d 100644 --- a/nginx/sites-available/itguys.com.br.conf +++ b/nginx/sites-available/itguys.com.br.conf @@ -7,9 +7,15 @@ # ============================================================================== # BLOCO 1: Redirecionar todo o tráfego da porta 80 para a versão segura COM WWW # ============================================================================== -server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot +server { + if ($host = itguys.com.br) { + return 301 https://$host$request_uri; + } # managed by Certbot -rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot + + if ($host = www.itguys.com.br) { + return 301 https://$host$request_uri; + } # managed by Certbot listen 80; @@ -23,37 +29,27 @@ rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot location / { return 301 https://www.itguys.com.br$request_uri; } -location = /.well-known/acme-challenge/fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao{default_type text/plain;return 200 fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot - -location = /.well-known/acme-challenge/kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg{default_type text/plain;return 200 kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot - } # ============================================================================== # BLOCO 2: Redirecionar o tráfego HTTPS SEM WWW para a versão COM WWW # ============================================================================== -server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot - - +server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name itguys.com.br; - #ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; - #ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; - #ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; + ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; return 301 https://www.itguys.com.br$request_uri; -location = /.well-known/acme-challenge/fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao{default_type text/plain;return 200 fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot - } # ============================================================================== # BLOCO 3: O SERVIDOR PRINCIPAL E CANÓNICO (HTTPS COM WWW) # ============================================================================== -server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot - - +server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.itguys.com.br; @@ -109,6 +105,7 @@ server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot proxy_cache_valid 200 5m; proxy_pass http://172.16.12.17:80; } -location = /.well-known/acme-challenge/kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg{default_type text/plain;return 200 kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot + ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; # managed by Certbot }