From 1d78c3843d3eec3bfbb667276b8841c6c5ef8e95 Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel <markus.katharina.brechtel@thengo.net>
Date: Sun, 10 Dec 2017 09:16:12 +0000
Subject: [PATCH] acme challenge

---
 templates/default-vhost.conf.j2 | 24 ++++++++++++------------
 templates/vhost.conf.j2         | 19 +++++++++++++------
 2 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/templates/default-vhost.conf.j2 b/templates/default-vhost.conf.j2
index 0641994..669d616 100644
--- a/templates/default-vhost.conf.j2
+++ b/templates/default-vhost.conf.j2
@@ -1,21 +1,21 @@
 server {
 
-        listen 80 default_server;
-        listen [::]:80 default_server;
+  listen 80 default_server;
+  listen [::]:80 default_server;
 
-        listen 443 ssl default_server;
-    	  listen [::]:443 ssl default_server;
+  listen 443 ssl default_server;
+  listen [::]:443 ssl default_server;
 
-        ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
-        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+  ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
 
-        server_name _;
+  server_name _;
 
-        return 404;
+  location /.well-known/acme-challenge {
+    default_type "text/plain";
+    root /var/www/default;
+  }
 
-        location /.well-known/acme-challenge {
-                default_type "text/plain";
-                root /var/www/letsencrypt-auto;
-        }
+  root /var/www/default;
 
 }
diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2
index fa00ae0..d91d669 100644
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@@ -5,14 +5,12 @@ server {
   listen 443 ssl;
   listen [::]:443 ssl;
 
-  ssl_certificate     /etc/ssl/certs/{{ vhost.name }}.fullchain.pem;
-  ssl_certificate_key /etc/ssl/private/{{ vhost.name }}.key.pem;
+  ssl_certificate     /etc/ssl/certs/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.fullchain.pem;
+  ssl_certificate_key /etc/ssl/private/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.key.pem;
 
-  charset utf-8;
+  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; ";
 
-  {% if vhost.root is defined %}
-  root {{ vhost.root }};
-  {% endif %}
+  charset utf-8;
 
   {% if vhost.try_files is defined %}
   try_files {{ vhost.try_files }};
@@ -39,6 +37,10 @@ server {
   {% endfor %}
   {% endif %}
 
+  {% if vhost.root is defined %}
+  root {{ vhost.root }};
+  {% endif %}
+
 }
 
 server {
@@ -48,6 +50,11 @@ server {
 
   server_name {{ vhost.server_names | join(' ') }};
 
+  location /.well-known/acme-challenge {
+    default_type "text/plain";
+    root /var/www/default;
+  }
+
   return 301 https://$host$request_uri;
 
 }