diff options
author | bnewbold <bnewbold@robocracy.org> | 2016-05-19 19:18:31 -0700 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2016-05-19 19:18:33 -0700 |
commit | 860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09 (patch) | |
tree | 915c9b54319b0bababfb42c0762ec36de531dadd /roles | |
parent | 6888a887f03cda1155f6d8faaab67f512bbb01c8 (diff) | |
download | infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.tar.gz infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.zip |
nginx: enable SSL by default on port 443; use snake-oil
If this default isn't here, some random SSL virtual host will be served for all
unconfigured domains, which is worse!
Diffstat (limited to 'roles')
-rw-r--r-- | roles/nginx/templates/etc_nginx_sites-available_default.j2 | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/roles/nginx/templates/etc_nginx_sites-available_default.j2 b/roles/nginx/templates/etc_nginx_sites-available_default.j2 index 70c5a74..881b177 100644 --- a/roles/nginx/templates/etc_nginx_sites-available_default.j2 +++ b/roles/nginx/templates/etc_nginx_sites-available_default.j2 @@ -6,15 +6,13 @@ server { listen [::]:80 default_server; server_name _; - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # + # SSL configuration (fall through) + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + # Self signed certs generated by the ssl-cert package # Don't use them in a production server! - # - # include snippets/snakeoil.conf; + include snippets/snakeoil.conf; root /srv/http/default/www; |