From a122003265ca874aefbb2f4d5b7684ec22c373fb Mon Sep 17 00:00:00 2001
From: Nathan Chapman
Date: Tue, 23 Jan 2024 08:44:56 -0700
Subject: [PATCH] Add ssl section for forwarded domain
---
 nginx/prod.conf | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/nginx/prod.conf b/nginx/prod.conf
index d04f0d8..8c288a4 100644
--- a/nginx/prod.conf
+++ b/nginx/prod.conf
@@ -60,6 +60,27 @@ server {
 server {
- server_name porttownsendcoffee.com www.porttownsendcoffee.com;
- return 301 http://ptcoffee.com;
+ listen 80;
+ server_name porttownsendcoffee.com www.porttownsendcoffee.com;
+ return 301 http://ptcoffee.com;
+}
+
+server {
+ listen 443 ssl;
+ server_name porttownsendcoffee.com www.porttownsendcoffee.com;
+
+ # SSL
+ ssl_certificate /etc/letsencrypt/live/porttownsendcoffee.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/porttownsendcoffee.com/privkey.pem;
+
+ ssl_session_cache shared:le_nginx_SSL:10m;
+ ssl_session_timeout 1440m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+
+ return 301 https://ptcoffee.com;
 }
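Review bot: The port-80 block for porttownsendcoffee.com still redirects to `http://ptcoffee.com`, so a visitor who arrives over plaintext is sent to the canonical host over plaintext as well, while the new 443 block redirects to `https://`. Unless a block outside this hunk already upgrades ptcoffee.com on port 80, change the first redirect to `return 301 https://ptcoffee.com;` so both listeners agree. Separately, the `ssl_ciphers` list names two DHE-RSA suites but the block sets no `ssl_dhparam`, and nginx does not offer DHE suites without it. Either add that directive or drop the two entries, so the configured list matches what the server actually negotiates.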