I think it is unfortunate that certbot does it this way, with an if
statement, which i believe is evaluated in every request. I use something
like the following (with your names):
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name pstn.host www.pstn.host;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/pstn.host/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pstn.host/privkey.pem;
....reset of config
}
Not part of your question, but I also use the hooks in webroot mode, rather
than nginx, for certbot, so it's never modifies my configuration, as the
sites-enabled files are managed by a configuration management system across
about 100 domains, some with special requirements.
HTH,
Jeff
On Tue, Nov 28, 2017 at 11:40 AM, pstnta <nginx-fo...@forum.nginx.org>
wrote:
> hi,
>
> thanks for answering,
>
> shouldn't that forward everything to https? so shouldn't it work with just
> pstn.host? instead of https://pstn.host
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,277546,277548#msg-277548
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
