8bc007c7f3
The setup now uses my Kubernetes controller for Let's Encrypt. This changes the nginx certificate locations to match the new secrets.
55 lines
1.1 KiB
Text
55 lines
1.1 KiB
Text
# Default TLS redirect
|
|
server {
|
|
listen 80;
|
|
server_name *.tazj.in tazj.in;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
# Simple IP echo thing
|
|
server {
|
|
listen 80;
|
|
server_name ip.tazj.in;
|
|
access_log off;
|
|
add_header "Content-Type" "text/plain";
|
|
return 200 "$remote_addr\n";
|
|
}
|
|
|
|
# Redirect for oslo.pub
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl;
|
|
server_name oslo.pub *.oslo.pub;
|
|
return 302 https://git.tazj.in/tazjin/pubkartet;
|
|
}
|
|
|
|
# Gogs web interface
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name git.tazj.in;
|
|
location / {
|
|
proxy_pass http://gogs-priv.default.svc.cluster.local:3000;
|
|
}
|
|
}
|
|
|
|
# tazj.in -> www.tazj.in
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name tazj.in;
|
|
|
|
ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
|
|
|
|
location / {
|
|
return 301 https://www.tazj.in$request_uri;
|
|
}
|
|
}
|
|
|
|
# TazBlog
|
|
server {
|
|
listen 443 ssl http2 default_server;
|
|
server_name www.tazj.in default;
|
|
|
|
location / {
|
|
proxy_pass http://tazblog-priv.default.svc.cluster.local/;
|
|
}
|
|
}
|