nginx: drop letsencrypt conf in favor of mozilla ssl

`certbox` argument parsing and plugin management isn't very suitable when it comes to automating nginx configuration through Debian packaging. It is not possible to instruct it to *only* generate letsencrypt ssl configuration for nginx which breaks the postinst script. Also missing fancyindex dependency was added.
2024-10-08 22:39:04 +02:00 · 2024-10-08 22:39:04 +02:00 · 56a088c5db
commit 56a088c5db
parent e43be67041
2 changed files with 10 additions and 4 deletions
--- a/debian/control
+++ b/debian/control
@ -27,7 +27,7 @@ Description: Shione nftables configuration.
 Package: nginx-config
 Architecture: all
 Multi-Arch: foreign
-Depends: ${misc:Depends}, nginx, certbot, python3-certbot-nginx
+Depends: ${misc:Depends}, nginx, certbot, libnginx-mod-http-fancyindex
 Provides: ${diverted-files}
 Conflicts: ${diverted-files}
 Description: Shione nginx configuration.
--- a/files/etc/nginx/sites-available/shione.net
+++ b/files/etc/nginx/sites-available/shione.net
@ -20,14 +20,21 @@
 #
 # `fancyindex` is from `nginx-extras`.
 server {
-        listen 80 default_server;
+    listen 80 default_server;
-        listen [::]:80 default_server;
+    listen [::]:80 default_server;
    location / {
        return 301 https://$host$request_uri;
    }
 }
 server {
        # SSL configuration
        #
        # Partially generated by https://ssl-config.mozilla.org/.
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
@ -43,7 +50,6 @@ server {
        ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
        # managed by Certbot.
        ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        # OCSP stapling
        ssl_stapling on;