From cb8f20c9d5dd95191ce0e2fa3c0150f24fddfeb3 Mon Sep 17 00:00:00 2001 From: Paweł Dybiec Date: Sun, 11 Jul 2021 20:41:24 +0100 Subject: Add ipv6 in nginx, move certs --- nginx/conf.d/cgit.conf | 7 ++++++- nginx/nginx.conf | 10 ++-------- 2 files changed, 8 insertions(+), 9 deletions(-) (limited to 'nginx') diff --git a/nginx/conf.d/cgit.conf b/nginx/conf.d/cgit.conf index 651a0eb..57f62fc 100644 --- a/nginx/conf.d/cgit.conf +++ b/nginx/conf.d/cgit.conf @@ -1,13 +1,18 @@ server { listen 80; + listen [::]:80; server_name git.dybiec.info; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; + listen [::]:443 ssl http2; server_name git.dybiec.info; - location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) { + location /favicon.ico { + root /var/www/html/; + } + location ~* ^.+(cgit.(css|png)|robots.txt) { root /usr/share/cgit/; } location / { diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0857b7e..683efdb 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -19,8 +19,8 @@ http { '"$http_user_agent" "$server_name"'; access_log /var/log/nginx/access.log main; - ssl_certificate /root/dybiec.info/fullchain.pem; - ssl_certificate_key /root/dybiec.info/privkey.pem; + ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; @@ -51,12 +51,6 @@ http { add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - server { - listen 80; - allow 127.0.0.1; - allow 172.0.0.0/8; - deny all; - } include /etc/nginx/conf.d/*.conf; error_page 500 501 502 503 504 /50x.html; -- cgit 1.4.1