server { listen [::]:80 default_server ipv6only=off; server_name _; server_tokens off; root /var/www/html; index index.html index.htm index.nginx-debian.html; location /admin/ { return 301 https://$host$request_uri; } location /acme/ { return 301 https://$host$request_uri; } location /directory { return 301 https://$host$request_uri; } location /ocsp/ { include proxy_params; proxy_pass http://127.0.0.1:4002/; } location /rate-limits { try_files $uri $uri.html $uri/ =404; } location /terms/ { try_files $uri $uri.html $uri/ =404; } } server { listen [::]:443 default_server ssl ipv6only=off; server_name _; server_tokens off; ssl_certificate /etc/nginx/ssl/labca_cert.pem; ssl_certificate_key /etc/nginx/ssl/labca_key.pem; root /var/www/html; index index.html index.htm index.nginx-debian.html; location ~ ^/admin/static/(.+) { alias /var/www/html/$1; } location ~ ^/admin/.+/static/(.+) { alias /var/www/html/$1; } location /admin/ { include proxy_params; proxy_set_header X-Request-Base "/admin"; proxy_pass http://127.0.0.1:3000/; error_page 502 504 /502.html; } location /admin/ws { include proxy_params; proxy_set_header X-Request-Base "/admin"; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_pass http://127.0.0.1:3000/ws; } location /acme/ { include proxy_params; proxy_pass http://127.0.0.1:4001; } location /directory { include proxy_params; proxy_pass http://127.0.0.1:4001; } location /ocsp/ { include proxy_params; proxy_pass http://127.0.0.1:4002/; } location /rate-limits { try_files $uri $uri.html $uri/ =404; } location /terms/ { try_files $uri $uri.html $uri/ =404; } # BEGIN temporary redirect location = / { return 302 /admin/; } # END temporary redirect }