[nginx/conf] Update TLS cert locations

The setup now uses my Kubernetes controller for Let's Encrypt.

This changes the nginx certificate locations to match the new secrets.
This commit is contained in:
Vincent Ambo 2016-09-21 01:24:27 +02:00
parent cfe9387af1
commit 8bc007c7f3
No known key found for this signature in database
GPG key ID: 66F505681DB8F43B
2 changed files with 21 additions and 8 deletions

View file

@ -16,10 +16,10 @@ server {
# Redirect for oslo.pub
server {
listen 80;
listen 80;
listen 443 ssl;
server_name oslo.pub *.oslo.pub;
return 302 https://git.tazj.in/tazjin/pubkartet;
server_name oslo.pub *.oslo.pub;
return 302 https://git.tazj.in/tazjin/pubkartet;
}
# Gogs web interface
@ -31,10 +31,23 @@ server {
}
}
# tazj.in -> www.tazj.in
server {
listen 443 ssl http2;
server_name tazj.in;
ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
location / {
return 301 https://www.tazj.in$request_uri;
}
}
# TazBlog
server {
listen 443 ssl http2 default_server;
server_name www.tazj.in tazj.in default;
server_name www.tazj.in default;
location / {
proxy_pass http://tazblog-priv.default.svc.cluster.local/;

View file

@ -38,8 +38,8 @@ http {
access_log /var/log/nginx/access.log logstash;
# Default tazj.in config (certs need to be overriden for other stuff, like oslo.pub)
ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
ssl_certificate /etc/nginx/ssl/www.tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/www.tazj.in/key.pem;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
@ -57,8 +57,8 @@ stream {
ssl_session_tickets off;
# Default tazj.in certificate
ssl_certificate /etc/nginx/ssl/tazj.in/tls.crt;
ssl_certificate_key /etc/nginx/ssl/tazj.in/tls.key;
ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
include /etc/nginx/conf/stream.conf;
}