17f1b2a20a
It creates a folder, the nginx vhost for certbot and HTTP redirects, and also runs certbot and recreates the nginx vhost that includes the TLS cert
39 lines
950 B
Plaintext
39 lines
950 B
Plaintext
# Generated by Chef
|
|
upstream _sockethub {
|
|
server localhost:<%= @sockethub_port %>;
|
|
}
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
server {
|
|
listen <%= @sockethub_external_port %> ssl http2;
|
|
add_header Strict-Transport-Security "max-age=15768000";
|
|
|
|
server_name <%= @server_name %>;
|
|
|
|
access_log <%= node[:nginx][:log_dir] %>/sockethub.access.log json;
|
|
error_log <%= node[:nginx][:log_dir] %>/sockethub.error.log warn;
|
|
|
|
# We might need real ETags, disable those for now
|
|
gzip off;
|
|
|
|
location / {
|
|
# Increase number of buffers. Default is 8
|
|
proxy_buffers 1024 8k;
|
|
|
|
proxy_pass http://_sockethub;
|
|
proxy_http_version 1.1;
|
|
# Enable WebSockets
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
}
|
|
|
|
ssl_certificate <%= @ssl_cert %>;
|
|
ssl_certificate_key <%= @ssl_key %>;
|
|
}
|
|
<% end -%>
|