<div dir="ltr"><div>That last "# managed by Certbot" section looks wrong - it shouldn't be using "if ($host = ...", since that's inefficient and there are much better ways to do it.</div><div><br></div>
<div>I have a very similar server, so here are the config files I use for it. I don't like pasting them into emails, so I made a GitHub Gist: <a href="https://gist.github.com/kohenkatz/08a74d757e0695f4ec3dc34c44ea4369">https://gist.github.com/kohenkatz/08a74d757e0695f4ec3dc34c44ea4369</a> (that also means I can edit it later if it doesn't work for you).</div><div><br></div>
<div>Note that with this configuration you have to run Certbot in "certonly" mode instead of nginx mode. However, that is very easy.</div>
<div>I have eight servers configured in this exact way (though most of them with applications other than Seafile and Mattermost, but it doesn't matter).</div><div><br></div>
<div>Here is the certbot command I use:</div>
<div><font face="monospace, monospace">sudo certbot certonly --webroot -w /usr/share/nginx/html -d domain-name-here.example.com</font></div>
<div>(If you changed the path for `.well-known` in the config files in my Gist, you will also need to change it here.)<br></div><div><br></div>
<div>Let me know how this works for you.</div><div><br></div>
<div>Moshe</div><br clear="all"><div><div dir="ltr" class="gmail_signature"><div class="gmail_signature"><div dir="ltr">--<br>Moshe Katz<br>-- <a href="mailto:kohenkatz@gmail.com" target="_blank">kohenkatz@gmail.com</a><br>-- +1(301)867-3732</div></div></div></div><br></div><br>
<div class="gmail_quote"><div dir="ltr">On Tue, May 15, 2018 at 4:32 PM Nginx-Chris <<a href="mailto:nginx-forum@forum.nginx.org">nginx-forum@forum.nginx.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Moshe<br>
<br>
I did switch off the seafile configuration and that means that the normal<br>
<a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a> works again with nginx.<br>
<br>
I did then do <br>
<br>
> sudo certbot --nginx<br>
<br>
and the <a href="http://sitechat.mydomain.com" rel="noreferrer" target="_blank">sitechat.mydomain.com</a> now runs with SSL.<br>
<br>
So then I switch seafile conf on again --> Seafile works as always.<br>
<br>
AND mattermost on <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a> works, but ONLY if I add https:// in<br>
front of the web address.<br>
<br>
So:<br>
<br>
<a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a> <-- does only work when seafile off (then redirects)<br>
<a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">http://chat.mydomain.com</a> <-- does only work when seafile off (then<br>
redirects)<br>
<br>
<a href="https://chat.mydomain.com" rel="noreferrer" target="_blank">https://chat.mydomain.com</a> <-- works when seafile is on and/or off.<br>
<br>
Why does nginx not redirect the <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a> to https?<br>
<br>
The new config for <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a> is this. It got changed by certbot<br>
automatically.<br>
<br>
MATTERMOST:<br>
<br>
upstream backend {<br>
server 127.0.0.1:8065;<br>
}<br>
<br>
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m<br>
max_size=3g inactive=120m use_temp_path=off;<br>
<br>
server { <br>
server_name chat.mydomain.com;<br>
<br>
location ~/api/v[0-9]+/(users/)?websocket$ {<br>
proxy_set_header Upgrade $http_upgrade;<br>
proxy_set_header Connection "upgrade";<br>
client_max_body_size 50M;<br>
proxy_set_header Host $http_host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forwarded-Proto $scheme;<br>
proxy_set_header X-Frame-Options SAMEORIGIN;<br>
proxy_buffers 256 16k;<br>
proxy_buffer_size 16k;<br>
proxy_read_timeout 600s;<br>
proxy_pass http://backend;<br>
}<br>
<br>
location / {<br>
client_max_body_size 50M;<br>
proxy_set_header Connection "";<br>
proxy_set_header Host $http_host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forwarded-Proto $scheme;<br>
proxy_set_header X-Frame-Options SAMEORIGIN;<br>
proxy_buffers 256 16k;<br>
proxy_buffer_size 16k;<br>
proxy_read_timeout 600s;<br>
proxy_cache mattermost_cache;<br>
proxy_cache_revalidate on;<br>
proxy_cache_min_uses 2;<br>
proxy_cache_use_stale timeout;<br>
proxy_cache_lock on;<br>
proxy_pass http://backend;<br>
}<br>
<br>
listen 443 ssl; # managed by Certbot<br>
ssl_certificate /etc/letsencrypt/live/chat.mydomain.com/fullchain.pem; # managed by Certbot<br>
ssl_certificate_key /etc/letsencrypt/live/chat.mydomain.com/privkey.pem; # managed by Certbot<br>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br>
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
<br>
}<br>
<br>
<br>
server {<br>
if ($host = chat.mydomain.com) {<br>
return 301 https://$host$request_uri;<br>
} # managed by Certbot<br>
<br>
<br>
<br>
listen 80;<br>
server_name chat.mydomain.com;<br>
return 404; # managed by Certbot<br>
}<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,279794,279806#msg-279806" rel="noreferrer" target="_blank">https://forum.nginx.org/read.php?2,279794,279806#msg-279806</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
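<div>Added example, not part of the original message and not the contents of the Gist: a port-80 server block for the setup the reply describes, serving the `.well-known` challenge path from the webroot given to `certbot certonly` and redirecting everything else without `if ($host = ...)`. The hostname and webroot are the ones quoted in this thread; the `location` layout is an assumption.</div>

```nginx
# Added example. Hostname and webroot come from this thread; the layout is assumed.

# BEFORE (as written by "certbot --nginx"): the Host comparison runs as an
# "if" on every request, although server_name has already selected this block.
# server {
#     if ($host = chat.mydomain.com) {
#         return 301 https://$host$request_uri;
#     }
#     listen 80;
#     server_name chat.mydomain.com;
#     return 404;
# }

# AFTER: one plain-HTTP block per name, no "if".
server {
    listen 80;
    server_name chat.mydomain.com;

    # HTTP-01 challenge files written by
    # "certbot certonly --webroot -w /usr/share/nginx/html -d chat.mydomain.com"
    location ^~ /.well-known/acme-challenge/ {
        root /usr/share/nginx/html;
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else goes to HTTPS. The target host is written out instead
    # of being taken from $host, so a request that reaches this block with an
    # unexpected Host header cannot steer the redirect.
    location / {
        return 301 https://chat.mydomain.com$request_uri;
    }
}
```

<div>Run `sudo nginx -t` before reloading. Because `certonly` mode does not touch the nginx configuration, nginx has to be reloaded after a renewal to pick up the new certificate files.</div>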