aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRenken <renken@shione.net>2023-12-24 23:44:41 +0100
committerRenken <renken@shione.net>2024-02-20 22:54:05 +0100
commit81b8b02ac9486a1e5248b56351712059faede632 (patch)
treef5567232ef1b4ed21787a2712a9e942aee0889e7
parent5c25b1d0e778a2a5f20f6ce5b07e2ae272abf613 (diff)
downloadshione-81b8b02ac9486a1e5248b56351712059faede632.tar.gz
shione-81b8b02ac9486a1e5248b56351712059faede632.zip
config, deploy: shione: nginx: enable https support
-rw-r--r--config/shione/nginx/debian/control2
-rw-r--r--config/shione/nginx/files/etc/nginx/sites-available/shione.net9
l---------config/shione/nginx/files/etc/nginx/sites-enabled/homepage.conf1
l---------config/shione/nginx/files/etc/nginx/sites-enabled/shione.net1
-rw-r--r--deploy/shione/nginx/create_nginx_user.sh4
5 files changed, 13 insertions, 4 deletions
diff --git a/config/shione/nginx/debian/control b/config/shione/nginx/debian/control
index 4b5b056..23693f4 100644
--- a/config/shione/nginx/debian/control
+++ b/config/shione/nginx/debian/control
@@ -9,7 +9,7 @@ Standards-Version: 4.1.0
Package: nginx-config
Architecture: all
Multi-Arch: foreign
-Depends: ${misc:Depends}, nginx
+Depends: ${misc:Depends}, nginx, certbot, python3-certbot-nginx
Provides: ${diverted-files}
Conflicts: ${diverted-files}
Description: Shione nginx configuration.
diff --git a/config/shione/nginx/files/etc/nginx/sites-available/shione.net b/config/shione/nginx/files/etc/nginx/sites-available/shione.net
index 8dde59a..d35f0f8 100644
--- a/config/shione/nginx/files/etc/nginx/sites-available/shione.net
+++ b/config/shione/nginx/files/etc/nginx/sites-available/shione.net
@@ -24,8 +24,8 @@ server {
# SSL configuration
#
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
@@ -37,6 +37,11 @@ server {
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
+ # managed by Certbot.
+ ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
+ # managed by Certbot.
+ ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
root /var/www/html/www.shione.net;
diff --git a/config/shione/nginx/files/etc/nginx/sites-enabled/homepage.conf b/config/shione/nginx/files/etc/nginx/sites-enabled/homepage.conf
deleted file mode 120000
index 040f974..0000000
--- a/config/shione/nginx/files/etc/nginx/sites-enabled/homepage.conf
+++ /dev/null
@@ -1 +0,0 @@
-../sites-available/homepage.conf \ No newline at end of file
diff --git a/config/shione/nginx/files/etc/nginx/sites-enabled/shione.net b/config/shione/nginx/files/etc/nginx/sites-enabled/shione.net
new file mode 120000
index 0000000..2c390bf
--- /dev/null
+++ b/config/shione/nginx/files/etc/nginx/sites-enabled/shione.net
@@ -0,0 +1 @@
+../sites-available/shione.net \ No newline at end of file
diff --git a/deploy/shione/nginx/create_nginx_user.sh b/deploy/shione/nginx/create_nginx_user.sh
index 8d5f13d..ebddaa5 100644
--- a/deploy/shione/nginx/create_nginx_user.sh
+++ b/deploy/shione/nginx/create_nginx_user.sh
@@ -3,3 +3,7 @@
set -eu
adduser --system --no-create-home --verbose --debug nginx
+
+apt install nginx certbot python3-certbot-nginx
+
+certbot --nginx -d shione.net -d www.shione.net