authorMohammed Amar-Bensaber <renken@shione.net>2024-10-08 22:39:04 +0200
committerMohammed Amar-Bensaber <renken@shione.net>2024-10-08 22:42:54 +0200
commit56a088c5db54c2bf7137a0cc868e215268be1b34 (patch)
tree194c40ec5ea0b63deee35a762ccad4f938e54390
parente43be6704109f237d968b09da937ea0558dc2e2f (diff)
nginx: drop letsencrypt conf in favor of mozilla ssl
`certbot` argument parsing and plugin management aren't very suitable when it comes to automating nginx configuration through Debian packaging. It is not possible to instruct it to *only* generate the letsencrypt ssl configuration for nginx, which breaks the postinst script. Also, the missing fancyindex dependency was added.
-rw-r--r--debian/control2
-rw-r--r--files/etc/nginx/sites-available/shione.net12
2 files changed, 10 insertions, 4 deletions
diff --git a/debian/control b/debian/control
index 3ff7ddf..4ce00f9 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Description: Shione nftables configuration.
Package: nginx-config
Architecture: all
Multi-Arch: foreign
-Depends: ${misc:Depends}, nginx, certbot, python3-certbot-nginx
+Depends: ${misc:Depends}, nginx, certbot, libnginx-mod-http-fancyindex
Provides: ${diverted-files}
Conflicts: ${diverted-files}
Description: Shione nginx configuration.
diff --git a/files/etc/nginx/sites-available/shione.net b/files/etc/nginx/sites-available/shione.net
index 28f7afe..078927b 100644
--- a/files/etc/nginx/sites-available/shione.net
+++ b/files/etc/nginx/sites-available/shione.net
@@ -20,14 +20,21 @@
#
# `fancyindex` is from `nginx-extras`.
server {
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
# SSL configuration
#
# Partially generated by https://ssl-config.mozilla.org/.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
+
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
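Review bot: The new port-80 block builds its redirect target from the client-supplied Host header in `return 301 https://$host$request_uri;`, and because it is `default_server` with no `server_name`, it answers for any name that resolves to this machine. If only shione.net is meant to be served, pin the target with `return 301 https://shione.net$request_uri;`, or add `server_name shione.net;` and have a separate catch-all return `444`, so the redirect cannot reflect arbitrary hostnames. Since debian/control drops `python3-certbot-nginx` in this commit, renewal presumably uses another authenticator; if that is HTTP-01 via webroot, confirm `/.well-known/acme-challenge/` is still reachable once everything on port 80 is redirected. The context comment "`fancyindex` is from `nginx-extras`" no longer matches the new dependency and could read `# fancyindex is provided by libnginx-mod-http-fancyindex.`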
@@ -43,7 +50,6 @@ server {
ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
# managed by Certbot.
ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
# OCSP stapling
ssl_stapling on;