From ceb541471d3ba09e77981e726a37a02014e84fe6 Mon Sep 17 00:00:00 2001
From: server-hotfix
Date: Wed, 18 Jun 2025 17:24:43 +0000
Subject: [PATCH] initial public commit
---
conf.d/.example.conf | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 conf.d/.example.conf
diff --git a/conf.d/.example.conf b/conf.d/.example.conf
new file mode 100644
index 0000000..36442fe
--- /dev/null
+++ b/conf.d/.example.conf
@@ -0,0 +1,42 @@
+# -----------------------------------------------------------------------------
+# EXAMPLE virtual-host config
+# Copy to conf.d/, replace "example.com" & "app" with your own values.
+# -----------------------------------------------------------------------------
+server {
+ # Primary and wildcard hostnames
+ server_name example.com *.example.com;
+
+ # Docker-embedded resolver; 127.0.0.11 is the default for user-defined networks
+ resolver 127.0.0.11 valid=30s;
+ set $target http://app:80; # ⇐ upstream container / service name
+
+ location / {
+ # Preserve client metadata
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # Scheme / host / port forward for apps that need absolute URLs
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port 443;
+
+ # Ship it
+ proxy_pass $target;
+ }
+
+ # --- TLS (managed by Certbot) -------------------------------------------
+ listen [::]:443 ssl;
+ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+ include /etc/letsencrypt/options.conf;
+ ssl_dhparam /etc/letsencrypt/dhparam.pem;
+}
+
+# Optional HTTP block — kept minimal so Certbot can attach HTTP-01 later
+server {
+ server_name example.com *.example.com;
+ listen 80;
+ return 404;
+}
+
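Review bot: The `location /` block forwards the client-supplied Host to the upstream (`proxy_set_header Host $http_host;` and `X-Forwarded-Host $host;`), and nothing in this file stops the vhost from becoming the default server for its socket, in which case requests carrying any Host value would be proxied. Since the comment says these headers exist for apps that build absolute URLs, links generated by the app could then carry a host chosen by the requester; I would add a catch-all `default_server` block that rejects unmatched names (`return 444;`, with `ssl_reject_handshake on;` on the 443 listener) and send `Host $host` rather than the raw header. Separately, `listen [::]:443 ssl;` binds IPv6 only because nginx defaults to `ipv6only=on`, so the TLS block probably also needs `listen 443 ssl;` unless another file provides it. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client sent, so a comment such as `# upstream must trust only the right-most X-Forwarded-For entry (or X-Real-IP)` would help whoever copies this template.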