From 62232d6828ac7b1f10c68c50b733525cfd65808d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB=20=D0=9A=D0=B0=D0=BF?=
 =?UTF-8?q?=D0=B5=D0=BB=D1=8C=D0=BA=D0=BE?= <m.kapelko@iva-tech.ru>
Date: Fri, 5 Sep 2025 23:28:47 +0300
Subject: [PATCH] add cert

---
 cert.renew |  3 +++
 nginx/cfg  | 18 ++++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100755 cert.renew

diff --git a/cert.renew b/cert.renew
new file mode 100755
index 0000000..e5907d4
--- /dev/null
+++ b/cert.renew
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/nginx/cfg b/nginx/cfg
index 079181e..834b7c1 100644
--- a/nginx/cfg
+++ b/nginx/cfg
@@ -1,11 +1,17 @@
+# Redirect HTTP to HTTPS
 server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
+  listen 80;
+  server_name kornerr.ru;
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  server_name kornerr.ru;
+
+  ssl_certificate /etc/encrypt/fullchain.pem;
+  ssl_certificate_key /etc/encrypt/privkey.pem;
 
-  # SSL configuration
-  #
-  # listen 443 ssl default_server;
-  # listen [::]:443 ssl default_server;
   #
   # Note: You should disable gzip for SSL traffic.
   # See: https://bugs.debian.org/773332