nginx: enable SSL by default on port 443; use snake-oil

If this default isn't here, some random SSL virtual host will be served for all unconfigured domains, which is worse!
author: bnewbold <bnewbold@robocracy.org> 2016-05-19 19:18:31 -0700
committer: bnewbold <bnewbold@robocracy.org> 2016-05-19 19:18:33 -0700
commit: 860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09 (patch)
tree: 915c9b54319b0bababfb42c0762ec36de531dadd /roles/nginx
parent: 6888a887f03cda1155f6d8faaab67f512bbb01c8 (diff)
download: infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.tar.gz
infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.zip
1 files changed, 5 insertions, 7 deletions
diff --git a/roles/nginx/templates/etc_nginx_sites-available_default.j2 b/roles/nginx/templates/etc_nginx_sites-available_default.j2
index 70c5a74..881b177 100644
--- a/roles/nginx/templates/etc_nginx_sites-available_default.j2
+++ b/roles/nginx/templates/etc_nginx_sites-available_default.j2
@@ -6,15 +6,13 @@ server {
 	listen [::]:80 default_server;
 	server_name _;
 
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
+	# SSL configuration (fall through)
+	listen 443 ssl default_server;
+	listen [::]:443 ssl default_server;
+
 	# Self signed certs generated by the ssl-cert package
 	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
+	include snippets/snakeoil.conf;
 
 	root /srv/http/default/www;
author	bnewbold <bnewbold@robocracy.org>	2016-05-19 19:18:31 -0700
committer	bnewbold <bnewbold@robocracy.org>	2016-05-19 19:18:33 -0700
commit	860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09 (patch)
tree	915c9b54319b0bababfb42c0762ec36de531dadd /roles/nginx
parent	6888a887f03cda1155f6d8faaab67f512bbb01c8 (diff)
download	infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.tar.gz infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.zip