
Commit 4d2a524

Implement feedback
* Bundle well-known location http passthrough into base ssl template. * Always configure to listen on ipv4 and v6
1 parent 0832bf8 commit 4d2a524


2 files changed

+9
-24
lines changed


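--- a/templates/web.letsencrypt.ssl.template.yml
+++ b/templates/web.letsencrypt.ssl.template.yml
@@ -19,20 +19,6 @@ run:
 LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --upgrade --auto-upgrade
 LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --set-default-ca --server letsencrypt
 
-cat << EOF > /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
-server {
-listen 80;
-
-location ~ /.well-known {
-root /var/www/discourse/public;
-allow all;
-}
-location / {
-return 301 https://${DISCOURSE_HOSTNAME}$request_uri;
-}
-}
-EOF
-
 cat << EOF > /etc/nginx/letsencrypt.conf
 user www-data;
 worker_processes auto;
@@ -54,6 +40,7 @@ run:
 
 server {
 listen 80;
+listen [::]:80;
 
 location ~ /.well-known {
 root /var/www/discourse/public;
@@ -63,11 +50,6 @@ run:
 }
 EOF
 
-if [ -f "/proc/net/if_inet6" ] ; then
-sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
-sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/letsencrypt.conf
-fi
-
 sed -Ei "s/^#?ACCOUNT_EMAIL=.+/ACCOUNT_EMAIL=${LETSENCRYPT_ACCOUNT_EMAIL}/" \
 /shared/letsencrypt/account.conf
 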
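Review bot: The added `listen [::]:80;` in the `/etc/nginx/letsencrypt.conf` server block is now unconditional, whereas the removed `if [ -f "/proc/net/if_inet6" ]` guard only inserted it when the kernel exposed IPv6. On a host with IPv6 disabled at the kernel level nginx will presumably fail to bind, so the temporary ACME server would not start and certificate issuance or renewal would stop. The same applies to the `listen [::]:80;` and `listen [::]:443 ssl;` lines added in templates/web.ssl.template.yml. Since the change is deliberate, I would document the requirement next to the listen line, for example `# requires IPv6 support in the kernel; nginx will not start without it`. The server block and its heredoc start and end outside the hunk.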

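--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -27,6 +27,13 @@ run:
 cat << EOF > /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
 server {
 listen 80;
+listen [::]:80;
+
+location ~ /.well-known {
+root /var/www/discourse/public;
+allow all;
+}
+
 return 301 https://${DISCOURSE_HOSTNAME}$request_uri;
 }
 EOF
@@ -35,6 +42,7 @@ run:
 
 cat << EOF > /etc/nginx/conf.d/outlets/server/20-https.conf
 listen 443 ssl;
+listen [::]:443 ssl;
 http2 on;
 
 ssl_protocols TLSv1.2 TLSv1.3;
@@ -58,8 +66,3 @@ run:
 cat << EOF > /etc/nginx/conf.d/outlets/discourse/20-https.conf
 add_header Strict-Transport-Security 'max-age=31536000';
 EOF
-
-if [ -f "/proc/net/if_inet6" ] ; then
-sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
-sed -i 's/listen 443 ssl;/listen 443 ssl;\nlisten [::]:443 ssl;/g' /etc/nginx/conf.d/outlets/server/20-https.conf
-fi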
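Review bot: In the `20-redirect-http-to-https.conf` heredoc the `return 301` stays at server level, so the added `location ~ /.well-known` block is never reached: nginx runs server-level rewrite-module directives before it selects a location. The block this commit removes from the letsencrypt template wrapped the redirect as `location / { return 301 https://${DISCOURSE_HOSTNAME}$request_uri; }`, and the same wrapping is needed here for the passthrough to take effect. Once it does, the unanchored regex serves any URI that contains `/.well-known` from the public root over plain HTTP. If only ACME HTTP-01 needs the exception, `location ^~ /.well-known/acme-challenge/ {` would keep everything else on the HTTPS redirect.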
