Add IPv6 to all OpenResty sites

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2026-02-12 17:05:14 +04:00
parent 9f862a89cc
commit 0933e9caa0
27 changed files with 30 additions and 27 deletions
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -12,6 +12,7 @@
    },
    "openresty": {
      "listen_ip": "148.251.237.111",
+      "listen_ipv6": "2a01:4f8:202:804a::2",
      "log_formats": {
        "json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}"
      }
--- a/site-cookbooks/discourse/templates/nginx_conf.erb
+++ b/site-cookbooks/discourse/templates/nginx_conf.erb
@@ -8,8 +8,8 @@ upstream _<%= @upstream_name %> {
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 server {
  server_name <%= @server_name %>;
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
--- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb
+++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb
@@ -11,7 +11,7 @@ proxy_cache_path <%= node[:openresty][:cache_dir] %>/akkounts levels=1:2

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @domain %>;

  if ($host != $server_name) {
--- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb
+++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb
@@ -7,7 +7,7 @@ upstream _akkounts_api {

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @domain %>;

  ssl_certificate     <%= @ssl_cert %>;
--- a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb
@@ -49,7 +49,7 @@ server {
  client_max_body_size 100M;
  server_name <%= @server_name %>;
  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json;
  error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn;
--- a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
@@ -7,7 +7,7 @@ upstream _lndhub {

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @server_name %>;

  add_header Strict-Transport-Security "max-age=15768000";
--- a/site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb
+++ b/site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb
@@ -49,7 +49,7 @@ server {
  server_name <%= @server_name %>;
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  <% else -%>
  listen 80;
  <% end -%>
--- a/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb
@@ -3,7 +3,7 @@

 server {
  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @server_name %>;

  ssl_certificate     <%= @ssl_cert %>;
--- a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb
+++ b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb
@@ -7,7 +7,7 @@ upstream _express_<%= @server_name.gsub(".", "_") %> {

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @server_name %>;

  add_header Strict-Transport-Security "max-age=15768000";
--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
@@ -12,7 +12,7 @@ upstream _ipfs_api {
 server {
  server_name <%= @server_name %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  access_log /var/log/nginx/<%= @server_name %>.access.log;
  error_log  /var/log/nginx/<%= @server_name %>.error.log;
--- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
@@ -21,7 +21,7 @@ proxy_cache_path /var/cache/nginx/mastodon levels=1:2

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @server_name %>;
  include <%= @shared_config_path %>;

--- a/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
+++ b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
@@ -3,7 +3,7 @@

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @domain %>;

  root /var/www/<%= @domain %>/site;
--- a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
+++ b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
@@ -9,7 +9,7 @@ upstream _discourse {
 server {
  server_name <%= @server_name %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
--- a/site-cookbooks/kosmos_drone/templates/nginx_conf.erb
+++ b/site-cookbooks/kosmos_drone/templates/nginx_conf.erb
@@ -8,7 +8,7 @@ upstream _drone {
 server {
  server_name <%= @server_name %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
--- a/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb
+++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb
@@ -4,7 +4,7 @@ upstream garage_s3 {

 server {
  listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2;
-  listen [::]:443 http2 ssl;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
--- a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
+++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
@@ -1,6 +1,6 @@
 server {
  listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2;
-  listen [::]:443 http2 ssl;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  server_name <%= @server_name %>;

--- a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb
@@ -6,7 +6,7 @@ upstream _gitea_web {
 server {
  server_name <%= @server_name %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
--- a/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb
+++ b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb
@@ -12,7 +12,7 @@ upstream _<%= @app_name %> {

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @server_name %>;

  access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet;
--- a/site-cookbooks/kosmos_openresty/attributes/default.rb
+++ b/site-cookbooks/kosmos_openresty/attributes/default.rb
@@ -0,0 +1 @@
+node.default["openresty"]["listen_ipv6"] = "::"
--- a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
+++ b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
@@ -6,7 +6,7 @@ upstream _<%= @upstream_name %> {

 server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  server_name <%= @domain %>;

--- a/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb
+++ b/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb
@@ -13,7 +13,7 @@ upstream _substr {
 server {
  server_name <%= @domain %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  access_log "/var/log/nginx/<%= @domain %>.access.log";
  error_log "/var/log/nginx/<%= @domain %>.error.log";
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
@@ -3,7 +3,7 @@
 server {
  server_name <%= @domain %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
  error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb
@@ -3,7 +3,7 @@
 server {
  server_name <%= @domain %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  root /var/www/<%= @domain %>/public;

--- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
@@ -3,6 +3,7 @@
 server {
  server_name _;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80 default_server;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:80 default_server;

  location / {
    return 301 https://<%= @domain %>;
@@ -12,7 +13,7 @@ server {
 server {
  server_name <%= @domain %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server;
-  listen [::]:443 ssl http2 default_server;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2 default_server;

  if ($host != $server_name) {
    return 307 $scheme://$server_name;
--- a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
+++ b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
@@ -5,8 +5,8 @@ upstream _<%= @app_name %> {

 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 server {
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
  server_name <%= @server_name %>;

  access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
--- a/site-cookbooks/openresty
+++ b/site-cookbooks/openresty
--- a/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
+++ b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
@@ -8,7 +8,7 @@ upstream _rs_discourse {
 server {
  server_name <%= @server_name %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
-  listen [::]:443 ssl http2;
+  listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
				`@@ -0,0 +1 @@`
				`node.default["openresty"]["listen_ipv6"] = "::"`