litecoin: add letsencrypt and disable directip

koh-gt · Mar 4, 2024 · 29e79a0 · 29e79a0
1 parent fdec87c
commit 29e79a0
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/production/nginx/nginx.conf b/production/nginx/nginx.conf
@@ -34,11 +34,30 @@ http {
 	include mempool/production/nginx/upstream-esplora.conf;
 	include mempool/production/nginx/server-esplora.conf;
 
+	# eliminate direct ip access
+	server {
+		listen 80 default_server;
+		listen 443 default_server;
+
+		ssl_reject_handshake on;
+		server_name _;
+		return 444;
+	}
+
 	server {
 		# clearnet v4/v6
 		#listen 443 ssl http2;
 		#listen [::]:443 ssl http2;
-		server_name litecoinspace.org;
+		server_name litecoinspace.org explorer.litecoin.net;
+
+		# letsencrypt for litecoinspace.org and explorer.litecoin.net	
+		listen 443 ssl; # managed by Certbot
+		ssl_certificate /etc/letsencrypt/live/litecoinspace.org/fullchain.pem; # managed by Certbot
+		ssl_certificate_key /etc/letsencrypt/live/litecoinspace.org/privkey.pem; # managed by Certbot
+		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+		# enforce https redirection
 
 		# tor v3
 		# listen 127.0.0.1:81;