diff options
| author | Paweł Dybiec <pawel@dybiec.info> | 2021-07-11 20:41:24 +0100 |
|---|---|---|
| committer | Paweł Dybiec <pawel@dybiec.info> | 2021-07-11 20:41:24 +0100 |
| commit | cb8f20c9d5dd95191ce0e2fa3c0150f24fddfeb3 (patch) | |
| tree | 390bef8fac434f9c9e3cddd9a84f940f091f44d4 | |
| parent | Docker is dead, long live the podman (diff) | |
Add ipv6 in nginx, move certs
| -rw-r--r-- | nginx/conf.d/cgit.conf | 7 | ||||
| -rw-r--r-- | nginx/nginx.conf | 10 |
2 files changed, 8 insertions, 9 deletions
diff --git a/nginx/conf.d/cgit.conf b/nginx/conf.d/cgit.conf index 651a0eb..57f62fc 100644 --- a/nginx/conf.d/cgit.conf +++ b/nginx/conf.d/cgit.conf @@ -1,13 +1,18 @@ server { listen 80; + listen [::]:80; server_name git.dybiec.info; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; + listen [::]:443 ssl http2; server_name git.dybiec.info; - location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) { + location /favicon.ico { + root /var/www/html/; + } + location ~* ^.+(cgit.(css|png)|robots.txt) { root /usr/share/cgit/; } location / { diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0857b7e..683efdb 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -19,8 +19,8 @@ http { '"$http_user_agent" "$server_name"'; access_log /var/log/nginx/access.log main; - ssl_certificate /root/dybiec.info/fullchain.pem; - ssl_certificate_key /root/dybiec.info/privkey.pem; + ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; @@ -51,12 +51,6 @@ http { add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - server { - listen 80; - allow 127.0.0.1; - allow 172.0.0.0/8; - deny all; - } include /etc/nginx/conf.d/*.conf; error_page 500 501 502 503 504 /50x.html; |