From da2572ddb144086034eba1989ae909763e95c680 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 20 Dec 2015 14:13:08 +0100 Subject: Use the Let's Encrypt CA for our public certs. --- roles/common-web/files/etc/nginx/sites-available/default | 11 +++++++++++ roles/common-web/files/etc/nginx/snippets/acme-challenge.conf | 4 ++++ 2 files changed, 15 insertions(+) create mode 100644 roles/common-web/files/etc/nginx/sites-available/default create mode 100644 roles/common-web/files/etc/nginx/snippets/acme-challenge.conf (limited to 'roles/common-web/files') diff --git a/roles/common-web/files/etc/nginx/sites-available/default b/roles/common-web/files/etc/nginx/sites-available/default new file mode 100644 index 0000000..6df1615 --- /dev/null +++ b/roles/common-web/files/etc/nginx/sites-available/default @@ -0,0 +1,11 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log info; + + # serve ACME challenges on all virtual hosts + # /!\ need to be served individually for each explicit virtual host as well! + include snippets/acme-challenge.conf; +} diff --git a/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf b/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf new file mode 100644 index 0000000..b2a856a --- /dev/null +++ b/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf @@ -0,0 +1,4 @@ +location /.well-known/acme-challenge/ { + alias /var/www/acme-challenge/; + default_type application/jose+json; +} -- cgit v1.2.3