From e9b0fa077925ce30cb7ff7b93cc13d2e0dd1b343 Mon Sep 17 00:00:00 2001
From: Emi Matchu <emi@matchu.dev>
Date: Tue, 13 Feb 2024 08:47:49 -0800
Subject: [PATCH] Future-proof our nginx config for IPv6

Today I learned that nginx requires a special invocation to listen to
IPv6 addresses as well as IPv4. On some of my other projects, this was
causing Let's Encrypt certificate renewal to fail, because Let's
Encrypt prefers to connect over IPv6 when an AAAA record is present, so
its challenges were always returning 404, because nginx wasn't
listening on IPv6.

This shouldn't be affecting impress in production, because we don't
have an AAAA record right now. But I'm just making this change in all
my projects, to make sure this doesn't bite me in the future!
---
 deploy/files/sites-available/impress.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/deploy/files/sites-available/impress.conf b/deploy/files/sites-available/impress.conf
index cbb3ae4f..c889818a 100644
--- a/deploy/files/sites-available/impress.conf
+++ b/deploy/files/sites-available/impress.conf
@@ -1,6 +1,7 @@
 server {
   server_name {{ impress_hostname }};
   listen 80;
+  listen [::]:80;
   if ($host = {{ impress_hostname }}) {
     return 301 https://$host$request_uri;
   }
@@ -9,6 +10,7 @@ server {
 server {
   server_name {{ impress_hostname }};
   listen 443 ssl;
+  listen [::]:443 ssl;
   ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
   include /etc/letsencrypt/options-ssl-nginx.conf;