about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@gmail.com>2016-09-20T23·24+0200
committerVincent Ambo <tazjin@gmail.com>2016-09-21T00·29+0200
commit8bc007c7f3a6217fbbb7afb8aeca3abf948ca95b (patch)
tree24df6606162981dd73390b8c4f3b7cf9f7fd9bba
parentcfe9387af1c33df57cf1d2ca6a5c4f701b6f8e61 (diff)
[nginx/conf] Update TLS cert locations
The setup now uses my Kubernetes controller for Let's Encrypt.

This changes the nginx certificate locations to match the new secrets.
-rw-r--r--nginx/conf/http.conf21
-rw-r--r--nginx/conf/main.conf8
2 files changed, 21 insertions, 8 deletions
diff --git a/nginx/conf/http.conf b/nginx/conf/http.conf
index fc287e5f6bc6..c8b7d3d8de00 100644
--- a/nginx/conf/http.conf
+++ b/nginx/conf/http.conf
@@ -16,10 +16,10 @@ server {
 
 # Redirect for oslo.pub
 server {
-	listen 80;
+    listen 80;
     listen 443 ssl;
-	server_name oslo.pub *.oslo.pub;
-	return 302 https://git.tazj.in/tazjin/pubkartet;
+    server_name oslo.pub *.oslo.pub;
+    return 302 https://git.tazj.in/tazjin/pubkartet;
 }
 
 # Gogs web interface
@@ -31,10 +31,23 @@ server {
     }
 }
 
+# tazj.in -> www.tazj.in
+server {
+    listen 443 ssl http2;
+    server_name tazj.in;
+
+    ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
+
+    location / {
+        return 301 https://www.tazj.in$request_uri;
+    }
+}
+
 # TazBlog
 server {
     listen      443 ssl http2 default_server;
-    server_name www.tazj.in tazj.in default;
+    server_name www.tazj.in default;
 
     location / {
         proxy_pass http://tazblog-priv.default.svc.cluster.local/;
diff --git a/nginx/conf/main.conf b/nginx/conf/main.conf
index 3607aaf1bfba..5041d1fcaf77 100644
--- a/nginx/conf/main.conf
+++ b/nginx/conf/main.conf
@@ -38,8 +38,8 @@ http {
     access_log   /var/log/nginx/access.log  logstash;
 
     # Default tazj.in config (certs need to be overriden for other stuff, like oslo.pub)
-    ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
-    ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
+    ssl_certificate /etc/nginx/ssl/www.tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/www.tazj.in/key.pem;
 
     # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
     add_header Strict-Transport-Security max-age=15768000;
@@ -57,8 +57,8 @@ stream {
     ssl_session_tickets off;
 
     # Default tazj.in certificate
-    ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
-    ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
+    ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
 
     include /etc/nginx/conf/stream.conf;
 }