From d9e59efd6391ed018628db12b9a52ac533717c87 Mon Sep 17 00:00:00 2001
From: Ashley Rich <hello@ashleyrich.com>
Date: Fri, 12 Apr 2019 19:18:56 +0100
Subject: [PATCH 1/2] Add Let's Encrypt instructions

---
 docs/misc/NGINX.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/docs/misc/NGINX.md b/docs/misc/NGINX.md
index f899eac8..d0dea4e0 100644
--- a/docs/misc/NGINX.md
+++ b/docs/misc/NGINX.md
@@ -19,6 +19,37 @@ server {
 }
 ```
 
+If you wish to protect your site using a [Let's Encrypt](https://letsencrypt.org/) HTTPS certificate, you can do so using the [Certbot webroot plugin](https://certbot.eff.org/docs/using.html#webroot). Your `/etc/nginx/sites-enabled/yourfathom.com` file should be updated accordingly:
+
+```
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name yourfathom.com;
+
+	ssl_certificate /path/to/your/fullchain.pem;
+	ssl_certificate_key /path/to/your/privkey.pem;
+
+	location /.well-known {
+		alias /var/www/yourfathom.com/.well-known;
+	}
+
+	location / {
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header Host $host;
+		proxy_pass http://127.0.0.1:9000; 
+	}
+}
+```
+
+The `alias` directive should point to the location where your `--webroot-path` is specified when generating the certificate (with `/.well-known` appended).
+
+```
+certbot certonly --webroot --webroot-path /var/www/yourfathom.com -d yourfathom.com
+```
+
 ### Test NGINX configuration
 ```
 sudo nginx -t

From c084d99e5f5a75a8b9feaca28581d1199a78fde4 Mon Sep 17 00:00:00 2001
From: Ashley Rich <hello@ashleyrich.com>
Date: Fri, 12 Apr 2019 20:48:24 +0100
Subject: [PATCH 2/2] Update NGINX.md

Improve order
---
 docs/misc/NGINX.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/docs/misc/NGINX.md b/docs/misc/NGINX.md
index d0dea4e0..d7f95114 100644
--- a/docs/misc/NGINX.md
+++ b/docs/misc/NGINX.md
@@ -19,7 +19,13 @@ server {
 }
 ```
 
-If you wish to protect your site using a [Let's Encrypt](https://letsencrypt.org/) HTTPS certificate, you can do so using the [Certbot webroot plugin](https://certbot.eff.org/docs/using.html#webroot). Your `/etc/nginx/sites-enabled/yourfathom.com` file should be updated accordingly:
+If you wish to protect your site using a [Let's Encrypt](https://letsencrypt.org/) HTTPS certificate, you can do so using the [Certbot webroot plugin](https://certbot.eff.org/docs/using.html#webroot). 
+
+```
+certbot certonly --webroot --webroot-path /var/www/yourfathom.com -d yourfathom.com
+```
+
+Your `/etc/nginx/sites-enabled/yourfathom.com` file should be updated accordingly:
 
 ```
 server {
@@ -46,10 +52,6 @@ server {
 
 The `alias` directive should point to the location where your `--webroot-path` is specified when generating the certificate (with `/.well-known` appended).
 
-```
-certbot certonly --webroot --webroot-path /var/www/yourfathom.com -d yourfathom.com
-```
-
 ### Test NGINX configuration
 ```
 sudo nginx -t