Oops, fix serving over IPv6 (and therefore HTTPS cert renewal!)

Oh wow, TIL you need a special invocation in nginx to listen on IPv6 as
well as IPv4. This was both presumably breaking clients trying to
connect over IPv6 (I guess we never ran into that in a browser?), but
also breaking certbot's certificate renewal attempts, because Let's
Encrypt prefers IPv6 when possible. Okay!
This commit is contained in:
Emi Matchu 2024-02-13 08:38:53 -08:00
parent 72aba0d579
commit 8633124883

View file

@ -29,7 +29,7 @@
content: |
server {
server_name analytics.openneo.net;
listen 80;
listen [::]:80;
if ($host = analytics.openneo.net) {
return 301 https://$host$request_uri;
}
@ -37,7 +37,7 @@
server {
server_name analytics.openneo.net;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/analytics.openneo.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/analytics.openneo.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;