Fix the Let's Encrypt setup for mediawiki

2017-06-19 18:40:20 +02:00 · 2017-06-19 18:40:20 +02:00 · 0bb6204a0d
commit 0bb6204a0d
parent edca6608c7
2 changed files with 20 additions and 9 deletions
--- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb
+++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb
@ -47,6 +47,13 @@ cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do
  mode 0640
 end

+directory "#{node['mediawiki']['webdir']}/.well-known/acme-challenge" do
+  owner     node["nginx"]["user"]
+  group     node["nginx"]["group"]
+  recursive true
+  action    :create
+end
+
 include_recipe "mediawiki"
 include_recipe "kosmos-nginx"
 include_recipe "mediawiki::nginx"
--- a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
@ -1,5 +1,18 @@
 server {
        listen 80;
+        server_name <%= @server_name %>;
+        access_log   /var/log/nginx/<%= @server_name %>.access.log;
+        error_log    /var/log/nginx/<%= @server_name %>.error.log;
+
+        location /.well-known {
+                root <%= @docroot %>;
+        }
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+
+server {
        <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
        listen 443 ssl;
        <% end -%>
@ -13,15 +26,6 @@ server {

        location / {
                try_files $uri $uri/ /index.php?$args;
-                <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
-                set $redirect_to_ssl "no";
-                if ($ssl_protocol = "") {
-                        set $redirect_to_ssl "yes";
-                }
-                if ($redirect_to_ssl = yes) {
-                        rewrite ^(.*) https://$host$1 permanent;
-                }
-                <% end -%>
        }

        location ~ \.php$ {