Nginx Web Server
VPS3 Sites
All sites use separate server blocks for bare domain (SSL) and www→non-www redirect.
| Config File | Domain | Backend |
|---|---|---|
| kedevo | kedevo.com | proxy_pass 127.0.0.1:5010 (default_server) |
| topcoasters | topcoasters.co.uk | proxy_pass 127.0.0.1:5011 |
| uptime-kuma | status.kedevo.com | proxy_pass 127.0.0.1:3001 |
| docs | docs.kedevo.com | Static files /var/www/docs/site/ |
VPS2 Sites
| Domain | Backend | Notes |
|---|---|---|
| yardpro.uk | proxy_pass 127.0.0.1:5001 | .NET Blazor |
| api.yardpro.uk | proxy_pass 127.0.0.1:5000 | .NET API |
| catalog.yardpro.uk | proxy_pass 127.0.0.1:5002 | Flask catalog |
| post.kedevo.com | Stalwart mail | Webmail/admin |
Config Pattern
Each site follows this structure:
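```nginx
# HTTPS main block
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    # ...
    location / {
        proxy_pass http://127.0.0.1:PORT;
    }
}

# www → non-www redirect
server {
    listen 443 ssl;
    server_name www.example.com;
    # A TLS listener needs its own certificate directives; this assumes the
    # example.com certificate was issued with www.example.com as well.
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    return 301 https://example.com$request_uri;
}

# HTTP → HTTPS redirect
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}
```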
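
A small linter for this pattern, added here as an example and not part of the original documentation. Its three rules (TLS blocks carry certificate directives, plain-HTTP blocks only redirect to HTTPS, `proxy_pass` targets stay on 127.0.0.1) are inferred from the tables and pattern on this page; the function names and the sample config are constructed.

```python
import re

def server_blocks(conf):
    """Return, for each top-level server block, its directives as token lists."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    blocks, current, depth = [], None, 0
    for tok in re.findall(r"[^;{}]+|[;{}]", conf):
        text = tok.strip()
        if text == "{":
            depth += 1
        elif text == "}":
            depth -= 1
            if depth == 0 and current is not None:
                blocks.append(current)
                current = None
        elif depth == 0 and text == "server":
            current = []
        elif text not in ("", ";") and current is not None:
            current.append(text.split())  # nested location contents are flattened in
    return blocks

def audit(conf):
    """Check each server block against the site pattern; return a list of findings."""
    findings = []
    for block in server_blocks(conf):
        get = lambda name: [d[1:] for d in block if d[0] == name]
        site = " ".join(sum(get("server_name"), [])) or "(unnamed)"
        if any("ssl" in args for args in get("listen")):
            for needed in ("ssl_certificate", "ssl_certificate_key"):
                if not get(needed):
                    findings.append(f"{site}: listen ssl without {needed}")
        else:
            ret = (get("return") or [[]])[0]
            if ret[:1] != ["301"] or not ret[-1].startswith("https://"):
                findings.append(f"{site}: plain-HTTP block does not redirect to HTTPS")
        for args in get("proxy_pass"):
            if not re.fullmatch(r"https?://127\.0\.0\.1:\d+(/.*)?", args[0]):
                findings.append(f"{site}: proxy_pass target {args[0]} is not loopback")
    return findings

# Constructed sample: block 2 omits its certificate, block 3 proxies instead of redirecting.
SAMPLE = """
server { listen 443 ssl; server_name example.com;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  location / { proxy_pass http://127.0.0.1:5010; } }
server { listen 443 ssl; server_name www.example.com; return 301 https://example.com$request_uri; }
server { listen 80; server_name example.com; location / { proxy_pass http://10.0.0.5:5010; } }
"""
print("\n".join(audit(SAMPLE)))
```

The parser only looks at top-level `server` blocks, which matches per-site files; a file that wraps them in `http { }` would need the depth check adjusted.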
SSL Configuration
- All certs via Let's Encrypt (certbot) with webroot verification
- Auto-renewal via systemd timer (`certbot.timer`)
- Shared config: `/etc/letsencrypt/options-ssl-nginx.conf`
- DH params: `/etc/letsencrypt/ssl-dhparams.pem`