authorVincent Ambo <tazjin@gmail.com>2016-09-20T23·24+0200
committerVincent Ambo <tazjin@gmail.com>2016-09-21T00·29+0200
commit8bc007c7f3a6217fbbb7afb8aeca3abf948ca95b (patch)
tree24df6606162981dd73390b8c4f3b7cf9f7fd9bba
parentcfe9387af1c33df57cf1d2ca6a5c4f701b6f8e61 (diff)
[nginx/conf] Update TLS cert locations
The setup now uses my Kubernetes controller for Let's Encrypt.

This changes the nginx certificate locations to match the new secrets.
-rw-r--r--nginx/conf/http.conf21
-rw-r--r--nginx/conf/main.conf8
2 files changed, 21 insertions, 8 deletions
diff --git a/nginx/conf/http.conf b/nginx/conf/http.conf
index fc287e5f6bc6..c8b7d3d8de00 100644
--- a/nginx/conf/http.conf
+++ b/nginx/conf/http.conf
@@ -16,10 +16,10 @@ server {
 
 # Redirect for oslo.pub
 server {
-	listen 80;
+    listen 80;
     listen 443 ssl;
-	server_name oslo.pub *.oslo.pub;
-	return 302 https://git.tazj.in/tazjin/pubkartet;
+    server_name oslo.pub *.oslo.pub;
+    return 302 https://git.tazj.in/tazjin/pubkartet;
 }
 
 # Gogs web interface
@@ -31,10 +31,23 @@ server {
     }
 }
 
+# tazj.in -> www.tazj.in
+server {
+    listen 443 ssl http2;
+    server_name tazj.in;
+
+    ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
+
+    location / {
+        return 301 https://www.tazj.in$request_uri;
+    }
+}
+
 # TazBlog
 server {
     listen      443 ssl http2 default_server;
-    server_name www.tazj.in tazj.in default;
+    server_name www.tazj.in default;
 
     location / {
         proxy_pass http://tazblog-priv.default.svc.cluster.local/;
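Review bot: The new `tazj.in` redirect block gets HSTS only by inheriting the `add_header Strict-Transport-Security` line from the `http` level in main.conf. nginx stops inheriting `add_header` as soon as a server or location declares one of its own, so a header added here later would silently remove HSTS from the apex host. A comment above the block such as `# HSTS is inherited from http{} in main.conf; re-declare it if any add_header is added here` would record that. As a style point, the `location / { ... }` wrapper is unnecessary: a server-level `return 301 https://www.tazj.in$request_uri;` behaves the same and matches the oslo.pub redirect above. The TazBlog server block that follows continues outside the hunk.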
diff --git a/nginx/conf/main.conf b/nginx/conf/main.conf
index 3607aaf1bfba..5041d1fcaf77 100644
--- a/nginx/conf/main.conf
+++ b/nginx/conf/main.conf
@@ -38,8 +38,8 @@ http {
     access_log   /var/log/nginx/access.log  logstash;
 
     # Default tazj.in config (certs need to be overriden for other stuff, like oslo.pub)
-    ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
-    ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
+    ssl_certificate /etc/nginx/ssl/www.tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/www.tazj.in/key.pem;
 
     # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
     add_header Strict-Transport-Security max-age=15768000;
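Review bot: With the `http`-level default now pointing at the `www.tazj.in` certificate, every 443 server block that does not set its own `ssl_certificate` will present that certificate. The oslo.pub redirect in http.conf listens on `443 ssl` with no override, so clients would presumably hit a name mismatch before they ever receive the 302. The commit adds an override only for `tazj.in`, so it is worth confirming that the Gogs block and any other TLS host is either covered by this certificate or carries its own `ssl_certificate`/`ssl_certificate_key` pair. The same question applies to the `stream` hunk below, whose default is the `tazj.in` certificate rather than `www.tazj.in`; the servers in stream.conf are not visible here. The comment above these directives could read `# Default www.tazj.in cert; every other TLS server_name must set its own ssl_certificate`.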
@@ -57,8 +57,8 @@ stream {
     ssl_session_tickets off;
 
     # Default tazj.in certificate
-    ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
-    ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
+    ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
 
     include /etc/nginx/conf/stream.conf;
 }