From 56a088c5db54c2bf7137a0cc868e215268be1b34 Mon Sep 17 00:00:00 2001 From: Mohammed Amar-Bensaber Date: Tue, 8 Oct 2024 22:39:04 +0200 Subject: nginx: drop letsencrypt conf in favor of mozilla ssl `certbox` argument parsing and plugin management isn't very suitable when it comes to automating nginx configuration through Debian packaging. It is not possible to instruct it to *only* generate letsencrypt ssl configuration for nginx which breaks the postinst script. Also missing fancyindex dependency was added. --- files/etc/nginx/sites-available/shione.net | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'files/etc/nginx/sites-available') diff --git a/files/etc/nginx/sites-available/shione.net b/files/etc/nginx/sites-available/shione.net index 28f7afe..078927b 100644 --- a/files/etc/nginx/sites-available/shione.net +++ b/files/etc/nginx/sites-available/shione.net @@ -20,14 +20,21 @@ # # `fancyindex` is from `nginx-extras`. server { - listen 80 default_server; - listen [::]:80 default_server; + listen 80 default_server; + listen [::]:80 default_server; + location / { + return 301 https://$host$request_uri; + } +} + +server { # SSL configuration # # Partially generated by https://ssl-config.mozilla.org/. listen 443 ssl default_server; listen [::]:443 ssl default_server; + # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 @@ -43,7 +50,6 @@ server { ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem; # managed by Certbot. ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; # OCSP stapling ssl_stapling on; -- cgit v1.2.3