Nginx

/etc/nginx/sites-available/00100.conf Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2F00100.conf Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Nginx#.2Fetc.2Fnginx.2Fsites-available.2F00100.conf|/etc/nginx/sites-available/00100.conf]]
Copy as Wikitext Click = Copy Copied to clipboard! [/etc/nginx/sites-available/00100.conf](https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2F00100.conf)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [/etc/nginx/sites-available/00100.conf](https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2F00100.conf)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2F00100.conf]/etc/nginx/sites-available/00100.conf[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

## default_server, apex domain (non-subdomain) or invalid subdomain catch-all

## redirect plaintext clearnet non-subdomain to TLS non-subdomain
server {
   listen 80 default_server;
   listen [::]:80 default_server;
   return 301 https://whonix.org$request_uri;
}

## redirect TLS clearnet non-subdomain to TLS www subdomain
server {
   listen 443 ssl http2 default_server;
   listen [::]:443 ssl http2 default_server;

   ssl_certificate /etc/letsencrypt/live/whonix.org/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/whonix.org/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/whonix.org/fullchain.pem;
   include /etc/nginx/conf.d/hsts;

   return 301 https://www.whonix.org$request_uri;
}

## redirect onion non-subdomain to www subdomain
server {
   listen 127.0.0.1:70;
   server_name dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion;

   return 301 http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion$request_uri;
}

/etc/nginx/sites-available/www.conf Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2Fwww.conf Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Nginx#.2Fetc.2Fnginx.2Fsites-available.2Fwww.conf|/etc/nginx/sites-available/www.conf]]
Copy as Wikitext Click = Copy Copied to clipboard! [/etc/nginx/sites-available/www.conf](https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2Fwww.conf)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [/etc/nginx/sites-available/www.conf](https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2Fwww.conf)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Nginx?oldid=54186#.2Fetc.2Fnginx.2Fsites-available.2Fwww.conf]/etc/nginx/sites-available/www.conf[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

## http clearnet port 80 unencrypted listener
server {
   listen 80;
   listen [::]:80;
   server_name www.whonix.org;
   return 301 https://www.whonix.org$request_uri;
}

## clearnet www
server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name www.whonix.org;

   ssl_certificate /etc/letsencrypt/live/whonix.org/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/whonix.org/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/whonix.org/fullchain.pem;
   include /etc/nginx/conf.d/hsts;

   more_set_headers "Onion-Location: http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion$request_uri";

   include /etc/nginx/conf.d/www;
}

## onion www
server {
   listen 127.0.0.1:70;
   server_name www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion;

   more_set_headers "X-Robots-Tag: noindex, nofollow";

   include /etc/nginx/conf.d/www;
}