From fcb0d84373d7f8475be88461c8f71104ff51179c Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Wed, 1 Apr 2020 10:04:36 -0400
Subject: [PATCH] split out virtual server for www subdomain

---
 nginx/server.conf | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/nginx/server.conf b/nginx/server.conf
index d2c21645..a2b31cc7 100644
--- a/nginx/server.conf
+++ b/nginx/server.conf
@@ -13,7 +13,27 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
 
-    server_name www.grapheneos.org grapheneos.org;
+    server_name www.grapheneos.org;
+
+    ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/grapheneos.org/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    root /var/empty;
+
+    return 301 https://grapheneos.org$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name grapheneos.org;
 
     ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/grapheneos.org/privkey.pem;
@@ -30,10 +50,6 @@ server {
     include /etc/nginx/snippets/security-headers.conf;
     gzip_static on;
 
-    if ($host != "grapheneos.org") {
-        return 301 https://grapheneos.org$request_uri;
-    }
-
     if ($request_uri ~ ^/(.*)\.html$) {
         return 301 /$1;
     }