From 448561604c574b5d6f4b61f351964fcdfb62fb01 Mon Sep 17 00:00:00 2001
From: Emi Matchu
Date: Tue, 13 Feb 2024 08:43:06 -0800
Subject: [PATCH] Future-proof our nginx config for IPv6

Today I learned that nginx requires a special invocation to listen to IPv6 addresses as well as IPv4. On some of my other projects, this was causing Let's Encrypt certificate renewal to fail, because Let's Encrypt prefers to connect over IPv6 when an AAAA record is present, so its challenges were always returning 404, because nginx wasn't listening on IPv6. This shouldn't be affecting impress-2020 in production, because we don't have an AAAA record right now. But I'm just making this change in all my projects, to make sure this doesn't bite me in the future!
---
 deploy/playbooks/setup.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/deploy/playbooks/setup.yml b/deploy/playbooks/setup.yml
index 29c15d5..3709774 100644
--- a/deploy/playbooks/setup.yml
+++ b/deploy/playbooks/setup.yml
@@ -232,6 +232,7 @@
 server {
 server_name impress-2020-box.openneo.net;
 listen 80;
+ listen [::]:80;
 if ($host = impress-2020-box.openneo.net) {
 return 301 https://$host$request_uri;
 }
@@ -240,6 +241,7 @@
 server {
 server_name impress-2020-box.openneo.net;
 listen 443 ssl;
+ listen [::]:443 ssl;
 ssl_certificate /etc/letsencrypt/live/impress-2020-box.openneo.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/impress-2020-box.openneo.net/privkey.pem;
 include /etc/letsencrypt/options-ssl-nginx.conf;
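Review bot: The new `listen [::]:80;` in the port-80 server block (and `listen [::]:443 ssl;` in the second hunk) makes this host answer over IPv6 as soon as an AAAA record is published, and nothing visible here shows that the IPv6 path gets the same filtering as IPv4. Before an AAAA record goes live, confirm that the host firewall rules this playbook sets up cover IPv6 and open only 80/443 there. Also confirm that any address-based `allow`/`deny`, rate limiting or log-based banning elsewhere handles IPv6 client addresses. I would note that next to the directive, e.g. `# Reachable over IPv6 too: firewall and IP-based rules must cover v6.` The server block continues past the end of the hunk, so the rest of its handling is not visible here.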
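Review bot: The reason for `listen [::]:443 ssl;` is recorded only in the commit message, so in the file it reads as a duplicate of `listen 443 ssl;` and could be dropped in a later cleanup. A one-line comment above it would keep the context, e.g. `# Also bind IPv6: Let's Encrypt connects over IPv6 when an AAAA record exists.`, assuming this block is written out as nginx configuration where `#` comments are valid. The same comment fits `listen [::]:80;` in the first hunk. The server block opens inside this hunk but closes outside it.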