kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 3 Projects 2 Activity

Fix the nginx vhost for akkounts-api

Browse Source 
Listening on port 80 when there is no TLS cert prevented Let's Encrypt
to generate a cert
This commit is contained in:
Greg Karékinian 2019-10-18 13:26:04 +02:00
parent f8af66a532
commit 2c20fa4a2f
1 changed files with 2 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb
View File

@ -1,23 +1,15 @@
# Generated by Chef # Generated by Chef
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
upstream _akkounts { upstream _akkounts {
server localhost:<%= @port %>; server localhost:<%= @port %>;
} }
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server { server {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl http2; listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=15768000"; add_header Strict-Transport-Security "max-age=15768000";
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;
<% else -%>
listen 80;
<% end -%>
server_name <%= @server_name %>; server_name <%= @server_name %>;
@ -33,3 +25,4 @@ server {
} }
} }
<% end -%>