From 29e79a046f2d263a923e820df3a27cd2556b5423 Mon Sep 17 00:00:00 2001
From: losh11
Date: Mon, 4 Mar 2024 03:14:47 +0000
Subject: [PATCH] litecoin: add letsencrypt and disable directip
---
 production/nginx/nginx.conf | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/production/nginx/nginx.conf b/production/nginx/nginx.conf
index daa018b0c..00bcacd31 100644
--- a/production/nginx/nginx.conf
+++ b/production/nginx/nginx.conf
@@ -34,11 +34,30 @@ http {
 include mempool/production/nginx/upstream-esplora.conf;
 include mempool/production/nginx/server-esplora.conf;
+ # eliminate direct ip access
+ server {
+ listen 80 default_server;
+ listen 443 default_server;
+
+ ssl_reject_handshake on;
+ server_name _;
+ return 444;
+ }
+
 server {
 # clearnet v4/v6
 #listen 443 ssl http2;
 #listen [::]:443 ssl http2;
- server_name litecoinspace.org;
+ server_name litecoinspace.org explorer.litecoin.net;
+
+ # letsencrypt for litecoinspace.org and explorer.litecoin.net
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/litecoinspace.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/litecoinspace.org/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ # enforce https redirection
 # tor v3
 # listen 127.0.0.1:81;
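Review bot: The catch-all server's `listen 443 default_server;` has no `ssl` parameter, yet `ssl_reject_handshake on;` only acts on TLS handshakes, so rejecting direct-IP HTTPS appears to rely on nginx taking the `ssl` option from the other block's `listen 443 ssl` on the same socket. Declaring it explicitly as `listen 443 ssl default_server;` removes that dependency. The catch-all also binds IPv4 only; if the host is reachable over IPv6 (the commented `#listen [::]:443 ssl http2;` suggests it may be), add `listen [::]:80 default_server;` and `listen [::]:443 ssl default_server;` so direct access by v6 address is covered too. Both names are served from the certificate under `live/litecoinspace.org`, so it is worth confirming that certificate lists `explorer.litecoin.net` as a SAN, which the hunk cannot show. The second `server` block continues past the end of the hunk, and the added `# enforce https redirection` comment has no redirect visible here.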