1 files changed, 51 insertions, 0 deletions

diff --git a/nginx/taar-o.com b/nginx/taar-o.com
new file mode 100644
index 0000000..998bc9d
--- /dev/null
+++ b/nginx/taar-o.com
@@ -0,0 +1,51 @@
+server {
+    server_name www.taar-o.com taar-o.com;
+
+    root /var/www/taar-o.com;
+    index index.html;
+
+    location /.well-known/acme-challenge/ {
+        alias /var/www/taar-o.com/.well-known/acme-challenge/;
+        try_files $uri =404;
+    }
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/www.taar-o.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/www.taar-o.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+
+    location /api/ {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+}
+server {
+    if ($host = taar-o.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = www.taar-o.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    server_name www.taar-o.com taar-o.com;
+    return 404; # managed by Certbot
+
+
+
+
+}