renken/shione
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nginx: drop letsencrypt conf in favor of mozilla ssl

Browse source 
`certbox` argument parsing and plugin management isn't very suitable
when it comes to automating nginx configuration through Debian
packaging. It is not possible to instruct it to *only* generate
letsencrypt ssl configuration for nginx which breaks the postinst
script. Also missing fancyindex dependency was added.
This commit is contained in:
Mohammed Amar-Bensaber 2024-10-08 22:39:04 +02:00
parent e43be67041
commit 56a088c5db
Signed by: renken
GPG key ID: 1F2BB159B645E575
2 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
debian/control vendored
View file

@ -27,7 +27,7 @@ Description: Shione nftables configuration.
Package: nginx-config
Architecture: all
Multi-Arch: foreign
Depends: ${misc:Depends}, nginx, certbot, python3-certbot-nginx
Depends: ${misc:Depends}, nginx, certbot, libnginx-mod-http-fancyindex
Provides: ${diverted-files}
Conflicts: ${diverted-files}
Description: Shione nginx configuration.

12
files/etc/nginx/sites-available/shione.net
View file

@ -20,14 +20,21 @@
#
# `fancyindex` is from `nginx-extras`.
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://$host$request_uri;
}
}
server {
# SSL configuration
#
# Partially generated by https://ssl-config.mozilla.org/.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
@ -43,7 +50,6 @@ server {
ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
# managed by Certbot.
ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
# OCSP stapling
ssl_stapling on;