Browse Source

acme challenge

master
parent
commit
1d78c3843d
2 changed files with 25 additions and 18 deletions
  1. +12
    -12
      templates/default-vhost.conf.j2
  2. +13
    -6
      templates/vhost.conf.j2

+ 12
- 12
templates/default-vhost.conf.j2 View File

@@ -1,21 +1,21 @@
server {

listen 80 default_server;
listen [::]:80 default_server;
listen 80 default_server;
listen [::]:80 default_server;

listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

server_name _;
server_name _;

return 404;
location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/default;
}

location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/letsencrypt-auto;
}
root /var/www/default;

}

+ 13
- 6
templates/vhost.conf.j2 View File

@@ -5,14 +5,12 @@ server {
listen 443 ssl;
listen [::]:443 ssl;

ssl_certificate /etc/ssl/certs/{{ vhost.name }}.fullchain.pem;
ssl_certificate_key /etc/ssl/private/{{ vhost.name }}.key.pem;
ssl_certificate /etc/ssl/certs/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.fullchain.pem;
ssl_certificate_key /etc/ssl/private/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.key.pem;

charset utf-8;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; ";

{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}
charset utf-8;

{% if vhost.try_files is defined %}
try_files {{ vhost.try_files }};
@@ -39,6 +37,10 @@ server {
{% endfor %}
{% endif %}

{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}

}

server {
@@ -48,6 +50,11 @@ server {

server_name {{ vhost.server_names | join(' ') }};

location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/default;
}

return 301 https://$host$request_uri;

}

Loading…
Cancel
Save