From 56a088c5db54c2bf7137a0cc868e215268be1b34 Mon Sep 17 00:00:00 2001
From: Mohammed Amar-Bensaber <renken@shione.net>
Date: Tue, 8 Oct 2024 22:39:04 +0200
Subject: nginx: drop letsencrypt conf in favor of mozilla ssl

`certbox` argument parsing and plugin management isn't very suitable
when it comes to automating nginx configuration through Debian
packaging. It is not possible to instruct it to *only* generate
letsencrypt ssl configuration for nginx which breaks the postinst
script. Also missing fancyindex dependency was added.
---
 files/etc/nginx/sites-available/shione.net | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'files/etc')

diff --git a/files/etc/nginx/sites-available/shione.net b/files/etc/nginx/sites-available/shione.net
index 28f7afe..078927b 100644
--- a/files/etc/nginx/sites-available/shione.net
+++ b/files/etc/nginx/sites-available/shione.net
@@ -20,14 +20,21 @@
 #
 # `fancyindex` is from `nginx-extras`.
 server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
+    listen 80 default_server;
+    listen [::]:80 default_server;
 
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
         # SSL configuration
         #
         # Partially generated by https://ssl-config.mozilla.org/.
         listen 443 ssl default_server;
         listen [::]:443 ssl default_server;
+
         #
         # Note: You should disable gzip for SSL traffic.
         # See: https://bugs.debian.org/773332
@@ -43,7 +50,6 @@ server {
         ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
         # managed by Certbot.
         ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
-        include /etc/letsencrypt/options-ssl-nginx.conf;
 
         # OCSP stapling
         ssl_stapling on;
-- 
cgit v1.2.3