Initial Let's Encrypt setup for Kosmos subdomains

Refs #6
2016-05-06 16:41:06 +02:00
parent 3da46705ba
commit 0aaf3f3b55
6 changed files with 46 additions and 69 deletions
--- a/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
+++ b/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
@@ -9,8 +9,11 @@ map $http_upgrade $connection_upgrade {
 }

 server {
+  listen 80; # For Let's Encrypt
+  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  listen <%= @sockethub_external_port %> ssl spdy;
  add_header Strict-Transport-Security "max-age=15768000";
+  <% end -%>

  server_name <%= @server_name %>;

@@ -20,6 +23,10 @@ server {
  # We might need real ETags, disable those for now
  gzip off;

+  location /.well-known {
+    root "/var/www/sockethub";
+  }
+
  location / {
    # an HTTP header important enough to have its own Wikipedia entry:
    #  http://en.wikipedia.org/wiki/X-Forwarded-For
@@ -50,6 +57,8 @@ server {
    add_header 'Access-Control-Allow-Origin' '*';
   }

+  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
+  <% end -%>
 }