# Redirect HTTP to HTTPS
server {
server_name …;
listen 80;
listen [::]:80;
access_log …;
error_log …;
return 301 https://…$request_uri;
}
server {
server_name …;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL/TLS settings
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_certificate /etc/letsencrypt/live/…/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/…/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/…/chain.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_stapling on;
ssl_stapling_verify on;
(…)
}