Signal-TLS-Proxy/data/nginx-terminate/nginx.conf

user  nginx;
worker_processes  auto;

events {
    worker_connections  1024;
}

http {
    server {
        listen 80;

        location /.well-known/acme-challenge/ {
            # init-certificate.sh uses --standalone, so we must proxy renewals to the certbot server
            proxy_pass http://certbot:80;
        }

        location / {
            return 404;
        }
    }
}

stream {

    upstream relay {
         server nginx-relay:4433;
    }

    server {
        listen                443 ssl;
        proxy_pass            relay;

        access_log            off;
        error_log             /dev/null;

        ssl_certificate /etc/letsencrypt/active/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/active/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
     }

}
Big bang 2021-01-28 13:34:53 -05:00			`user nginx;`
			`worker_processes auto;`

			`events {`
			`worker_connections 1024;`
			`}`

			`http {`
			`server {`
			`listen 80;`

			`location /.well-known/acme-challenge/ {`
proxy `/.well-known/acme-challenge/` to the certbot server (#38) 2023-01-05 11:59:19 -05:00			`# init-certificate.sh uses --standalone, so we must proxy renewals to the certbot server`
			`proxy_pass http://certbot:80;`
Big bang 2021-01-28 13:34:53 -05:00			`}`
Return 404 by default 2022-09-22 18:35:46 -04:00
			`location / {`
			`return 404;`
			`}`
Big bang 2021-01-28 13:34:53 -05:00			`}`
			`}`

			`stream {`

			`upstream relay {`
			`server nginx-relay:4433;`
			`}`

			`server {`
			`listen 443 ssl;`
			`proxy_pass relay;`

			`access_log off;`
			`error_log /dev/null;`

			`ssl_certificate /etc/letsencrypt/active/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/active/privkey.pem;`
			`include /etc/letsencrypt/options-ssl-nginx.conf;`
			`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;`
			`}`

			`}`