forked from OpenNeo/impress
Future-proof our nginx config for IPv6
Today I learned that nginx requires a special invocation to listen to IPv6 addresses as well as IPv4. On some of my other projects, this was causing Let's Encrypt certificate renewal to fail, because Let's Encrypt prefers to connect over IPv6 when an AAAA record is present, so its challenges were always returning 404, because nginx wasn't listening on IPv6. This shouldn't be affecting impress in production, because we don't have an AAAA record right now. But I'm just making this change in all my projects, to make sure this doesn't bite me in the future!
This commit is contained in:
parent
95949da6f9
commit
e9b0fa0779
1 changed files with 2 additions and 0 deletions
|
@ -1,6 +1,7 @@
|
||||||
server {
|
server {
|
||||||
server_name {{ impress_hostname }};
|
server_name {{ impress_hostname }};
|
||||||
listen 80;
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
if ($host = {{ impress_hostname }}) {
|
if ($host = {{ impress_hostname }}) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -9,6 +10,7 @@ server {
|
||||||
server {
|
server {
|
||||||
server_name {{ impress_hostname }};
|
server_name {{ impress_hostname }};
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
|
Loading…
Reference in a new issue