From 6ffdf0a28611e418e074890c3577ed1191481dbe Mon Sep 17 00:00:00 2001
From: bachhungcb <bachhungcb@gmail.com>
Date: Sat, 4 Apr 2026 17:05:41 +0700
Subject: [PATCH 1/2] update nginx conf for better redirection

---
 nginx/nginx.conf | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 4d5081d..cece815 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -5,8 +5,15 @@
 # }
 server {
     listen 80;
-    return 301 https://$host$request_uri; # Redirect HTTP sang HTTPS
-    
+    server_name comp.soict.io; 
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
 }
 
 server{
-- 
2.46.0.windows.1


From e7a3b20d326c656bcad380d12aecdd93841e10f3 Mon Sep 17 00:00:00 2001
From: bachhungcb <bachhungcb@gmail.com>
Date: Sat, 4 Apr 2026 19:19:17 +0700
Subject: [PATCH 2/2] Update cert to authorized cert for better https

---
 nginx/nginx.conf | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index cece815..79a2346 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -12,6 +12,8 @@ server {
     }
 
     location / {
+        # root /usr/share/nginx/html;
+        # index index.html index.htm;
         return 301 https://$host$request_uri;
     }
 }
@@ -19,9 +21,12 @@ server {
 server{
     listen 443 ssl;
     server_name comp.soict.io;
-    ssl_certificate     /etc/nginx/ssl/nginx-selfsigned.crt;
-    ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
+    ssl_certificate     /etc/letsencrypt/live/comp.soict.io/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/comp.soict.io/privkey.pem;
 
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+    
     set $backend_server 172.18.10.8:8080;
     
     root /usr/share/nginx/html;
-- 
2.46.0.windows.1