www-nginx
Reverse proxy for the Node.js app which serves www.stephen.cresswell.net
Features
- Forces upgrade to SSL
- Adds X-Real-IP header
- Maintains Host header
- Compresses all the typical mimetypes
- Logs routed to stderr and stdout
- Turns off server tokens
- Exposes /well-known/acme-challenge for automatic certificate renewals via certbot
- Includes certbot configuration for first use
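A minimal nginx configuration covering the features listed above, as an added example rather than this repository's own config. The upstream address app:3000, the webroot /var/www/certbot and the certificate paths are assumptions; the challenge location uses /.well-known/acme-challenge/, the path that ACME HTTP-01 validation requests.

```nginx
# Added example, not the repository's own nginx.conf.
# Assumed: upstream app at app:3000, certbot webroot /var/www/certbot,
# certificate files under /etc/letsencrypt/live/.
events {}

http {
    server_tokens off;              # no nginx version in headers or error pages

    access_log /dev/stdout;         # logs go to the container's stdout/stderr
    error_log  /dev/stderr warn;

    gzip on;                        # text/html is always compressed when gzip is on
    gzip_types text/plain text/css application/json application/javascript
               application/xml image/svg+xml;

    server {
        listen 80;
        server_name stephen-cresswell.net www.stephen-cresswell.net
                    stage.stephen-cresswell.net;

        # The HTTP-01 challenge must stay reachable over plain HTTP,
        # so it is matched before the redirect below.
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        # Everything else is forced onto HTTPS.
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name www.stephen-cresswell.net;

        ssl_certificate     /etc/letsencrypt/live/www.stephen-cresswell.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.stephen-cresswell.net/privkey.pem;

        location / {
            proxy_pass http://app:3000;
            proxy_set_header Host $host;              # keep the original Host header
            # Set from the TCP peer address; replaces any client-supplied X-Real-IP.
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}
```

`nginx -t -c /path/to/this/file` checks the syntax once the certificate files exist; before the first issuance only the port 80 server block can load, which is why a separate certbot configuration is needed for first use.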
Let's Encrypt and Certbot
To obtain certificates from Let’s Encrypt for the first time:
- Comment out the local, stage and live configurations in the Dockerfile.
- Uncomment the certbot configuration.
- Build
- Deploy
Now nginx will be listening on stephen-cresswell.net, www.stephen-cresswell.net and stage.stephen-cresswell.net without SSL, enabling Let's Encrypt to find the temporary secrets that certbot generates under /well-known/acme-challenge.