[nginx/conf] Update TLS cert locations

The setup now uses my Kubernetes controller for Let's Encrypt.

This changes the nginx certificate locations to match the new secrets.

nginx/conf/http.conf

@@ -16,10 +16,10 @@ server {
 
 # Redirect for oslo.pub
 server {
-	listen 80;
+    listen 80;
     listen 443 ssl;
-	server_name oslo.pub *.oslo.pub;
-	return 302 https://git.tazj.in/tazjin/pubkartet;
+    server_name oslo.pub *.oslo.pub;
+    return 302 https://git.tazj.in/tazjin/pubkartet;
 }
 
 # Gogs web interface
@@ -31,10 +31,23 @@ server {
     }
 }
 
+# tazj.in -> www.tazj.in
+server {
+    listen 443 ssl http2;
+    server_name tazj.in;
+
+    ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
+
+    location / {
+        return 301 https://www.tazj.in$request_uri;
+    }
+}
+
 # TazBlog
 server {
     listen      443 ssl http2 default_server;
-    server_name www.tazj.in tazj.in default;
+    server_name www.tazj.in default;
 
     location / {
         proxy_pass http://tazblog-priv.default.svc.cluster.local/;

nginx/conf/main.conf

@@ -38,8 +38,8 @@ http {
     access_log   /var/log/nginx/access.log  logstash;
 
     # Default tazj.in config (certs need to be overriden for other stuff, like oslo.pub)
-    ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
-    ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
+    ssl_certificate /etc/nginx/ssl/www.tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/www.tazj.in/key.pem;
 
     # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
     add_header Strict-Transport-Security max-age=15768000;
@@ -57,8 +57,8 @@ stream {
     ssl_session_tickets off;
 
     # Default tazj.in certificate
-    ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
-    ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
+    ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
 
     include /etc/nginx/conf/stream.conf;
 }