From 860e68da12a99e9ddd70d3a96ee4ad44ab5ebe09 Mon Sep 17 00:00:00 2001 From: bnewbold Date: Thu, 19 May 2016 19:18:31 -0700 Subject: nginx: enable SSL by default on port 443; use snake-oil If this default isn't here, some random SSL virtual host will be served for all unconfigured domains, which is worse! --- roles/nginx/templates/etc_nginx_sites-available_default.j2 | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'roles/nginx/templates') diff --git a/roles/nginx/templates/etc_nginx_sites-available_default.j2 b/roles/nginx/templates/etc_nginx_sites-available_default.j2 index 70c5a74..881b177 100644 --- a/roles/nginx/templates/etc_nginx_sites-available_default.j2 +++ b/roles/nginx/templates/etc_nginx_sites-available_default.j2 @@ -6,15 +6,13 @@ server { listen [::]:80 default_server; server_name _; - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # + # SSL configuration (fall through) + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + # Self signed certs generated by the ssl-cert package # Don't use them in a production server! - # - # include snippets/snakeoil.conf; + include snippets/snakeoil.conf; root /srv/http/default/www; -- cgit v1.2.3