Fix the nginx vhost for akkounts-api

Listening on port 80 when there is no TLS cert prevented Let's Encrypt to generate a cert
2019-10-18 13:26:04 +02:00 · 2019-10-18 13:26:04 +02:00 · 2c20fa4a2f
commit 2c20fa4a2f
parent f8af66a532
1 changed files with 2 additions and 9 deletions
--- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb
+++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb
@ -1,23 +1,15 @@
 # Generated by Chef
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 upstream _akkounts {
  server   localhost:<%= @port %>;
 }

-map $http_upgrade $connection_upgrade {
-  default upgrade;
-  '' close;
-}
-
 server {
-  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  listen 443 ssl http2;
  add_header Strict-Transport-Security "max-age=15768000";

  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
-  <% else -%>
-  listen 80;
-  <% end -%>

  server_name <%= @server_name %>;

@ -33,3 +25,4 @@ server {
   }

 }
+<% end -%>