From 860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09 Mon Sep 17 00:00:00 2001
From: bnewbold <bnewbold@robocracy.org>
Date: Thu, 19 May 2016 19:18:31 -0700
Subject: nginx: enable SSL by default on port 443; use snake-oil

If this default isn't here, some random SSL virtual host will be served for all
unconfigured domains, which is worse!
---
 roles/nginx/templates/etc_nginx_sites-available_default.j2 | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/roles/nginx/templates/etc_nginx_sites-available_default.j2 b/roles/nginx/templates/etc_nginx_sites-available_default.j2
index 70c5a74..881b177 100644
--- a/roles/nginx/templates/etc_nginx_sites-available_default.j2
+++ b/roles/nginx/templates/etc_nginx_sites-available_default.j2
@@ -6,15 +6,13 @@ server {
 	listen [::]:80 default_server;
 	server_name _;
 
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
+	# SSL configuration (fall through)
+	listen 443 ssl default_server;
+	listen [::]:443 ssl default_server;
+
 	# Self signed certs generated by the ssl-cert package
 	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
+	include snippets/snakeoil.conf;
 
 	root /srv/http/default/www;
 
-- 
cgit v1.2.3