From 0933e9caa0a93aba09903f0ddc417323c7c924af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 12 Feb 2026 17:05:14 +0400 Subject: [PATCH] Add IPv6 to all OpenResty sites MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Greg Karékinian --- nodes/draco.kosmos.org.json | 1 + site-cookbooks/discourse/templates/nginx_conf.erb | 4 ++-- .../kosmos-akkounts/templates/nginx_conf_akkounts.erb | 2 +- .../kosmos-akkounts/templates/nginx_conf_akkounts_api.erb | 2 +- .../kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb | 2 +- site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb | 2 +- .../kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb | 2 +- .../kosmos-ejabberd/templates/nginx_conf_upload_service.erb | 2 +- .../kosmos-hubot/templates/default/nginx_conf_hubot.erb | 2 +- .../templates/default/nginx_conf_ipfs.kosmos.org.erb | 2 +- .../kosmos-mastodon/templates/default/nginx_conf_mastodon.erb | 2 +- site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb | 2 +- site-cookbooks/kosmos_discourse/templates/nginx_conf.erb | 2 +- site-cookbooks/kosmos_drone/templates/nginx_conf.erb | 2 +- site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb | 2 +- site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb | 2 +- .../kosmos_gitea/templates/default/nginx_conf_web.erb | 2 +- .../templates/nginx_conf_liquor-cabinet.erb | 2 +- site-cookbooks/kosmos_openresty/attributes/default.rb | 1 + site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb | 2 +- site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb | 2 +- .../kosmos_website/templates/nginx_conf_redirect.erb | 2 +- site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb | 2 +- .../kosmos_website/templates/nginx_conf_website.erb | 3 ++- .../kredits-github/templates/default/nginx_conf.erb | 4 ++-- site-cookbooks/openresty | 2 +- .../remotestorage_discourse/templates/nginx_conf.erb | 2 +- 27 files changed, 30 insertions(+), 27 deletions(-) create mode 100644 site-cookbooks/kosmos_openresty/attributes/default.rb diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index 535cba5..2a12862 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -12,6 +12,7 @@ }, "openresty": { "listen_ip": "148.251.237.111", + "listen_ipv6": "2a01:4f8:202:804a::2", "log_formats": { "json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}" } diff --git a/site-cookbooks/discourse/templates/nginx_conf.erb b/site-cookbooks/discourse/templates/nginx_conf.erb index b480ead..02e1565 100644 --- a/site-cookbooks/discourse/templates/nginx_conf.erb +++ b/site-cookbooks/discourse/templates/nginx_conf.erb @@ -8,8 +8,8 @@ upstream _<%= @upstream_name %> { <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> server { server_name <%= @server_name %>; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; diff --git a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb index 671c8f9..3f85dae 100644 --- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb +++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb @@ -11,7 +11,7 @@ proxy_cache_path <%= node[:openresty][:cache_dir] %>/akkounts levels=1:2 server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @domain %>; if ($host != $server_name) { diff --git a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb index 02e1112..cf46517 100644 --- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb +++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb @@ -7,7 +7,7 @@ upstream _akkounts_api { server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @domain %>; ssl_certificate <%= @ssl_cert %>; diff --git a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb index 3cfec3f..a2862e3 100644 --- a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb +++ b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb @@ -49,7 +49,7 @@ server { client_max_body_size 100M; server_name <%= @server_name %>; listen 443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json; error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn; diff --git a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb index 6401f97..d5f6ebb 100644 --- a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb +++ b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb @@ -7,7 +7,7 @@ upstream _lndhub { server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; add_header Strict-Transport-Security "max-age=15768000"; diff --git a/site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb b/site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb index 7ddd862..5ba99f2 100644 --- a/site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb +++ b/site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb @@ -49,7 +49,7 @@ server { server_name <%= @server_name %>; <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> listen 443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; <% else -%> listen 80; <% end -%> diff --git a/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb b/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb index 2f2018f..239928e 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb @@ -3,7 +3,7 @@ server { listen 443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; ssl_certificate <%= @ssl_cert %>; diff --git a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb index bbb167e..12be513 100644 --- a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb +++ b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb @@ -7,7 +7,7 @@ upstream _express_<%= @server_name.gsub(".", "_") %> { server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; add_header Strict-Transport-Security "max-age=15768000"; diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb index f54cea3..11e2d90 100644 --- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb +++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb @@ -12,7 +12,7 @@ upstream _ipfs_api { server { server_name <%= @server_name %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; access_log /var/log/nginx/<%= @server_name %>.access.log; error_log /var/log/nginx/<%= @server_name %>.error.log; diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index e0d404d..a10d499 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -21,7 +21,7 @@ proxy_cache_path /var/cache/nginx/mastodon levels=1:2 server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; include <%= @shared_config_path %>; diff --git a/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb index 408b591..5e1ada0 100644 --- a/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb +++ b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb @@ -3,7 +3,7 @@ server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @domain %>; root /var/www/<%= @domain %>/site; diff --git a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb index 9b328d6..086ef2e 100644 --- a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb +++ b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb @@ -9,7 +9,7 @@ upstream _discourse { server { server_name <%= @server_name %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; diff --git a/site-cookbooks/kosmos_drone/templates/nginx_conf.erb b/site-cookbooks/kosmos_drone/templates/nginx_conf.erb index 3c9c741..f8ffeca 100644 --- a/site-cookbooks/kosmos_drone/templates/nginx_conf.erb +++ b/site-cookbooks/kosmos_drone/templates/nginx_conf.erb @@ -8,7 +8,7 @@ upstream _drone { server { server_name <%= @server_name %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; diff --git a/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb b/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb index df279e6..3bc408a 100644 --- a/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb +++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb @@ -4,7 +4,7 @@ upstream garage_s3 { server { listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2; - listen [::]:443 http2 ssl; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; diff --git a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb index d085d9a..227cb3f 100644 --- a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb +++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb @@ -1,6 +1,6 @@ server { listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2; - listen [::]:443 http2 ssl; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; diff --git a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb index f529f6c..13c6dd2 100644 --- a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb +++ b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb @@ -6,7 +6,7 @@ upstream _gitea_web { server { server_name <%= @server_name %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; diff --git a/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb index 48e6e96..e8331ba 100644 --- a/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb +++ b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb @@ -12,7 +12,7 @@ upstream _<%= @app_name %> { server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet; diff --git a/site-cookbooks/kosmos_openresty/attributes/default.rb b/site-cookbooks/kosmos_openresty/attributes/default.rb new file mode 100644 index 0000000..61c5e33 --- /dev/null +++ b/site-cookbooks/kosmos_openresty/attributes/default.rb @@ -0,0 +1 @@ +node.default["openresty"]["listen_ipv6"] = "::" diff --git a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb index 15fa4e5..cceb70c 100644 --- a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb +++ b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb @@ -6,7 +6,7 @@ upstream _<%= @upstream_name %> { server { listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @domain %>; diff --git a/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb b/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb index 2bd8f4c..c4b6418 100644 --- a/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb +++ b/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb @@ -13,7 +13,7 @@ upstream _substr { server { server_name <%= @domain %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; access_log "/var/log/nginx/<%= @domain %>.access.log"; error_log "/var/log/nginx/<%= @domain %>.error.log"; diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb index 4fe42cc..3839e95 100644 --- a/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb +++ b/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb @@ -3,7 +3,7 @@ server { server_name <%= @domain %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log; error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn; diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb index 3a173e1..605cb99 100644 --- a/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb +++ b/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb @@ -3,7 +3,7 @@ server { server_name <%= @domain %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; root /var/www/<%= @domain %>/public; diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb index 3622612..3bb6de1 100644 --- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb +++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb @@ -3,6 +3,7 @@ server { server_name _; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80 default_server; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:80 default_server; location / { return 301 https://<%= @domain %>; @@ -12,7 +13,7 @@ server { server { server_name <%= @domain %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2 default_server; if ($host != $server_name) { return 307 $scheme://$server_name; diff --git a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb index 9772f86..5d8d496 100644 --- a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb +++ b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb @@ -5,8 +5,8 @@ upstream _<%= @app_name %> { <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; server_name <%= @server_name %>; access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json; diff --git a/site-cookbooks/openresty b/site-cookbooks/openresty index bc916b9..b31d6b0 160000 --- a/site-cookbooks/openresty +++ b/site-cookbooks/openresty @@ -1 +1 @@ -Subproject commit bc916b981cecbbc65dc220ecaa9e878a22d8f6fa +Subproject commit b31d6b0b01f74179fd035c2dfcc0222f6c0c45c3 diff --git a/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb index 284cb97..b579b44 100644 --- a/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb +++ b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb @@ -8,7 +8,7 @@ upstream _rs_discourse { server { server_name <%= @server_name %>; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; -- 2.50.1