-
-
Notifications
You must be signed in to change notification settings - Fork 169
/
example_server_overrides.conf
62 lines (49 loc) · 2.16 KB
/
example_server_overrides.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
server {
# Listen to port 443 on both IPv4 and IPv6.
listen 443 ssl;
listen [::]:443 ssl;
# Domain names this server should respond to.
server_name yourdomain.org;
server_name www.yourdomain.org; # certbot_domain:*.yourdomain.org
# Load the certificate files.
ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;
# Load the Diffie-Hellman parameter.
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
return 200 'You have reached either yourdomain.org or www.yourdomain.org';
add_header Content-Type text/plain;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name sub1.yourdomain.org sub2.yourdomain.org; # certbot_domain:*.yourdomain.org
ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
return 200 'You have reached either sub1.yourdomain.org or sub2.yourdomain.org';
add_header Content-Type text/plain;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# Server names that start with ~ will be ignored, and in this example the
# "test-name" certificate will already include *.yourdomain.org which will
# cover all the cases here.
server_name ~^(?<user>.+)\.yourdomain\.org$;
ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
# Return content based on the capture group in the server name.
# Note: "sub1" and "sub2" will be caught by the sever above.
root /content/$user;
}
}
server {
# Drop any request that does not match any of the other server names.
listen 443 ssl default_server;
ssl_reject_handshake on;
}