Your first config (with Let's Encrypt cert)
```nginx
# Redirect plain HTTP to HTTPS
server {
    listen [::]:80;
    server_name mydomain.com mydomain.com;
    return 301 https://$host$request_uri;
}

# HTTPS site served with the Let's Encrypt certificate
server {
    listen [::]:443 ssl;
    server_name mydomain.com mydomain.com;
    root /var/www/ghost;
    index index.html;
    ssl_certificate /etc/letsencrypt/live/bishesna/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bishesna/privkey.pem;
    location / {
        try_files $uri $uri/ =404;
    }
}
```

Your second config (with self-signed cert)
```nginx
server {
    listen 80;
    server_name ghost2.mywebsite.com www.ghost2.mywebsite.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ghost2.mywebsite.com www.ghost2.mywebsite.com;
    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/selfsigned.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    root /var/www/ghost2;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
```

| Aspect | First Config (Let's Encrypt) | Second Config (Self-Signed) |
|---|---|---|
| SSL Certificate Type | Trusted CA-signed (Let’s Encrypt) | Self-signed (untrusted by browsers) |
| Listen Addresses | IPv6 only (`[::]`) | IPv4 only |
| SSL Cert Paths | `/etc/letsencrypt/live/...` | `/etc/ssl/certs/selfsigned.crt` |
| SSL Settings | No explicit protocols or ciphers (defaults) | Explicit TLS 1.2 & 1.3 and cipher suite settings |
| Root directory | `/var/www/ghost` | `/var/www/ghost2` |
| `try_files` syntax | Has a minor typo (`try_files $uri $uri/= 404`) | Correct (`try_files $uri $uri/ =404;`) |
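
The rows of this comparison can be derived mechanically from the two HTTPS server blocks. The following is an added example, not part of the original page: it parses two blocks and reports the properties that differ. The sample blocks are constructed (abbreviated from the configs above), and the function names and the path-based certificate classification are assumptions of this example.

```python
import re

# Constructed sample inputs, abbreviated from the two HTTPS server blocks above.
FIRST = """server {
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/bishesna/fullchain.pem;
    root /var/www/ghost;
    location / { try_files $uri $uri/ =404; }
}"""
SECOND = """server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    root /var/www/ghost2;
    location / { try_files $uri $uri/ =404; }
}"""

def directives(conf):
    """Return {name: [argument strings]} for every 'name args;' directive."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    found = {}
    for name, args in re.findall(r"([a-z_]+)\s+([^;{}]+);", conf):
        found.setdefault(name, []).append(args.strip())
    return found

def summarize(conf):
    """Extract the properties the comparison table lists for one server block."""
    d = directives(conf)
    listens = d.get("listen", [])
    v6 = any(a.startswith("[") for a in listens)
    v4 = any(not a.startswith("[") for a in listens)
    cert = d.get("ssl_certificate", [""])[0]
    return {
        "listen": "dual-stack" if v4 and v6 else "IPv6 only" if v6 else "IPv4 only",
        # Assumption: the path is only a hint; it does not prove who signed the cert.
        "cert": "letsencrypt" if cert.startswith("/etc/letsencrypt/live/") else "other",
        "explicit_tls": "ssl_protocols" in d and "ssl_ciphers" in d,
        "root": d.get("root", [None])[0],
    }

def differences(a, b):
    """Return {property: (a_value, b_value)} for the properties that differ."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}

if __name__ == "__main__":
    for prop, (x, y) in differences(FIRST, SECOND).items():
        print(f"{prop:13} first={x!r:22} second={y!r}")
```

A block reported as `dual-stack` would carry both a `listen 443 ssl;` and a `listen [::]:443 ssl;` line, which neither config above does.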