From 8633124883aafa81d52c497351b8e4aae99a399f Mon Sep 17 00:00:00 2001
From: Emi Matchu <emi@matchu.dev>
Date: Tue, 13 Feb 2024 08:38:53 -0800
Subject: [PATCH] Oops, fix serving over IPv6 (and therefore HTTPS cert
 renewal!)

Oh wow, TIL you need a special invocation in nginx to listen on IPv6 as
well as IPv4. This was both presumably breaking clients trying to
connect over IPv6 (I guess we never ran into that in a browser?), but
also breaking certbot's certificate renewal attempts, because Let's
Encrypt prefers IPv6 when possible. Okay!
---
 setup-nginx.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup-nginx.yml b/setup-nginx.yml
index 2bd3305..b585cef 100755
--- a/setup-nginx.yml
+++ b/setup-nginx.yml
@@ -29,7 +29,7 @@
         content: |
           server {
             server_name analytics.openneo.net;
-            listen 80;
+            listen [::]:80;
             if ($host = analytics.openneo.net) {
               return 301 https://$host$request_uri;
             }
@@ -37,7 +37,7 @@
 
           server {
             server_name analytics.openneo.net;
-            listen 443 ssl;
+            listen [::]:443 ssl;
             ssl_certificate /etc/letsencrypt/live/analytics.openneo.net/fullchain.pem;
             ssl_certificate_key /etc/letsencrypt/live/analytics.openneo.net/privkey.pem;
             include /etc/letsencrypt/options-ssl-nginx.conf;