Future-proof our nginx config for IPv6

Today I learned that nginx requires a special invocation to listen to
IPv6 addresses as well as IPv4. On some of my other projects, this was
causing Let's Encrypt certificate renewal to fail, because Let's
Encrypt prefers to connect over IPv6 when an AAAA record is present, so
its challenges were always returning 404, because nginx wasn't
listening on IPv6.

This shouldn't be affecting impress in production, because we don't
have an AAAA record right now. But I'm just making this change in all
my projects, to make sure this doesn't bite me in the future!
Emi Matchu 2024-02-13 08:47:49 -08:00
parent 95949da6f9
commit e9b0fa0779

@ -1,6 +1,7 @@
server { server {
server_name {{ impress_hostname }}; server_name {{ impress_hostname }};
listen 80; listen 80;
listen [::]:80;
if ($host = {{ impress_hostname }}) { if ($host = {{ impress_hostname }}) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
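Review bot: the added `listen [::]:80;` has no comment saying why it sits next to `listen 80;`, so a later cleanup could drop it as a duplicate. Suggest a one-line comment above the pair noting that nginx needs a separate listen directive for IPv6, and that ACME HTTP challenges arrive over IPv6 once an AAAA record exists. Because this block answers a matching host with `return 301 https://$host$request_uri;`, any request that follows the redirect lands on port 443, so this line only helps if the 443 server block listens on IPv6 too; the two additions should be kept or reverted together.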
@ -9,6 +10,7 @@ server {
server { server {
server_name {{ impress_hostname }}; server_name {{ impress_hostname }};
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; include /etc/letsencrypt/options-ssl-nginx.conf;
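Review bot: `listen [::]:443 ssl;` is added unconditionally in a template, and nginx fails to start when it cannot bind an IPv6 socket, which happens on a host where IPv6 is disabled. If this template is ever deployed to such a host, the whole site goes down rather than just losing IPv6. Suggest either guarding both IPv6 listen lines behind a template variable, or making sure the deploy runs `nginx -t` before reloading so a bind or config problem is caught while the old configuration is still serving.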