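# HTTPS virtual host for portal.actcur.com.
# Serves two PHP entry points: one gated by an auth subrequest to Authelia
# and one public landing page used when that subrequest answers 401.
server {
    # "ssl" on the listen directive replaces the standalone "ssl on;", which is
    # deprecated and rejected by current nginx releases.
    listen 443 ssl default_server;
    server_name portal.actcur.com;

    # Template placeholder, rendered before nginx reads the file. A resolver is
    # needed because proxy_pass below takes its target from a variable, which
    # makes nginx resolve the name at request time.
    resolver {{resolver}};
    set $certbot "https://salt.actcur.com";

    ssl_certificate /etc/nginx/certs/portal.actcur.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/portal.actcur.com/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this file, so the
    # effective values come from nginx defaults or an enclosing http{} block.
    # Confirm they match the intended TLS policy.

    # ACME HTTP-01 challenges are forwarded to the certbot host. There is no
    # auth_request here, so this path is reachable without a session.
    location /.well-known/acme-challenge/ {
        proxy_pass $certbot;
        proxy_set_header Host $host;
    }

    # Internal-only endpoint used by auth_request; clients cannot request it
    # directly. Only headers are forwarded (body dropped, Content-Length blanked).
    location /auth_verify {
        internal;
        proxy_pass_request_body off;
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): $http_host is the client-supplied Host header, and this
        # is the default_server, so any Host value is passed to the verifier.
        # Confirm the access-control decision does not depend on it.
        proxy_set_header Host $http_host;
        proxy_set_header Content-Length "";
        # NOTE(review): proxy_ssl_verify is off by default, so the certificate
        # presented by the verifier is not validated on this hop. Since the
        # reply decides access, consider "proxy_ssl_verify on;" together with
        # "proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;" and
        # "proxy_ssl_server_name on;".
        proxy_pass https://authelia.actcur.com/api/verify;
    }

    # Public page shown to users who are not signed in.
    # NOTE(review): this is a prefix match, so longer URIs that start with
    # /unauthenticated.php also land here; "location = ..." would restrict it
    # to the exact path if nothing relies on the prefix behaviour.
    location /unauthenticated.php {
        # Only hand the request to PHP-FPM when the script exists on disk.
        try_files $uri $document_root$fastcgi_script_name =404;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi.conf;
        index index.php;
        root /srv/http/portal/public;
    }

    # Protected page. auth_request allows the request on a 2xx answer from
    # /auth_verify, denies on 401/403, and treats any other answer as an error,
    # so a failing verifier does not open the page.
    location /authenticated.php {
        auth_request /auth_verify;
        # A 401 from the verifier becomes a redirect to the public page.
        error_page 401 =302 https://portal.actcur.com/unauthenticated.php;
        try_files $uri $document_root$fastcgi_script_name =404;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi.conf;
        index index.php;
        root /srv/http/portal/public;
    }

    # Everything else is sent to the protected entry point.
    location / {
        return 301 https://portal.actcur.com/authenticated.php;
    }

    error_log /var/log/nginx/portal_error.log;
    access_log /var/log/nginx/portal_access.log;
}

# Plain-HTTP virtual host: answers ACME challenges and upgrades everything
# else to HTTPS.
server {
    listen 80 default_server;
    server_name portal.actcur.com;

    # Template placeholder, rendered before nginx reads the file.
    resolver {{resolver}};
    set $certbot "http://salt.actcur.com";

    location /.well-known/acme-challenge/ {
        proxy_pass $certbot;
        proxy_set_header Host $host;
    }

    location / {
        # Same 301 the previous "rewrite ^ ... permanent" produced, without
        # running the regex engine. $request_uri already carries the query string.
        # NOTE(review): $host follows the client's Host header and this is the
        # default_server; use a fixed host name here if redirects must only
        # ever point at portal.actcur.com.
        return 301 https://$host$request_uri;
    }

    error_log /var/log/nginx/portal_error.log;
    access_log /var/log/nginx/portal_access.log;
}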