aboutsummaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2016-05-19 19:18:31 -0700
committerbnewbold <bnewbold@robocracy.org>2016-05-19 19:18:33 -0700
commit860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09 (patch)
tree915c9b54319b0bababfb42c0762ec36de531dadd /roles
parent6888a887f03cda1155f6d8faaab67f512bbb01c8 (diff)
downloadinfra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.tar.gz
infra-860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09.zip
nginx: enable SSL by default on port 443; use snake-oil
If this default isn't here, some random SSL virtual host will be served for all unconfigured domains, which is worse!
Diffstat (limited to 'roles')
-rw-r--r--roles/nginx/templates/etc_nginx_sites-available_default.j212
1 files changed, 5 insertions, 7 deletions
diff --git a/roles/nginx/templates/etc_nginx_sites-available_default.j2 b/roles/nginx/templates/etc_nginx_sites-available_default.j2
index 70c5a74..881b177 100644
--- a/roles/nginx/templates/etc_nginx_sites-available_default.j2
+++ b/roles/nginx/templates/etc_nginx_sites-available_default.j2
@@ -6,15 +6,13 @@ server {
listen [::]:80 default_server;
server_name _;
- # SSL configuration
- #
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
- #
+ # SSL configuration (fall through)
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
- #
- # include snippets/snakeoil.conf;
+ include snippets/snakeoil.conf;
root /srv/http/default/www;