About the redirections I’ve mentioned before, I’m thinking it’s better to follow more closely Ghost CLI’s way to do it, with four files (usually in /var/www/ghost/system/files/) instead of one file per domain, including redirections and Let’s Encrypt configuration:
For http://example.com → https://example.com (file example.com.conf):
server {
listen 93.184.216.34:80;
server_name example.com;
location ~ /.well-known {
allow all;
}
location / {
return 301 https://example.com$request_uri;
}
}
For http://www.example.com → https://example.com (file www.example.com.conf):
server {
listen 93.184.216.34:80;
server_name www.example.com;
location ~ /.well-known {
allow all;
}
location / {
return 301 https://example.com$request_uri;
}
}
For https://www.example.com → https://example.com (file www.example.com-ssl.conf):
server {
listen 93.184.216.34:443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/www.example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/www.example.com/www.example.com.key;
include /etc/nginx/snippets/ssl-params.conf;
location ~ /.well-known {
allow all;
}
location / {
return 301 https://example.com$request_uri;
}
}
For https://example.com (file example.com-ssl.conf):
server {
listen 93.184.216.34:443 default_server ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
include /etc/nginx/snippets/ssl-params.conf;
(...)
location ~ /.well-known {
allow all;
}
(...)
}