letsbe
/
letsbe-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix nginx config for certbot workflow
Build and Push Docker Image / lint-and-typecheck (push) Successful in 1m35s Details
Build and Push Docker Image / build (push) Has been cancelled Details 

- Remove SSL block that referenced non-existent certificates
- HTTP-only config passes nginx -t before certbot
- Certbot --nginx will add SSL configuration automatically

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Matt 2026-01-17 14:28:37 +01:00
parent e876a4c967
commit 71ddeacac2
1 changed files with 5 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
deploy/nginx/hub.conf
View File

@ -1,45 +1,13 @@
# LetsBe Hub - Nginx Configuration # LetsBe Hub - Nginx Configuration
# Place this in /etc/nginx/sites-available/hub.conf # Place this in /etc/nginx/sites-available/hub.conf
# Then: ln -s /etc/nginx/sites-available/hub.conf /etc/nginx/sites-enabled/ # Then: ln -s /etc/nginx/sites-available/hub.conf /etc/nginx/sites-enabled/
# And: nginx -t && systemctl reload nginx # Then: nginx -t && systemctl reload nginx
# Then: certbot --nginx -d hub.letsbe.solutions
# Redirect HTTP to HTTPS
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name hub.yourdomain.com; server_name hub.letsbe.solutions;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name hub.yourdomain.com;
# SSL certificates (Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/hub.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hub.yourdomain.com/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Logging # Logging
access_log /var/log/nginx/hub.access.log; access_log /var/log/nginx/hub.access.log;
@ -64,13 +32,13 @@ server {
# Timeouts (longer for SSE streams) # Timeouts (longer for SSE streams)
proxy_connect_timeout 60s; proxy_connect_timeout 60s;
proxy_send_timeout 60s; proxy_send_timeout 60s;
proxy_read_timeout 300s; # 5 min for SSE log streaming proxy_read_timeout 300s;
# Buffering (disable for SSE) # Buffering (disable for SSE)
proxy_buffering off; proxy_buffering off;
proxy_cache off; proxy_cache off;
# Max body size (for file uploads if needed) # Max body size
client_max_body_size 50M; client_max_body_size 50M;
} }
} }