ssl config for update-page

2025-12-13 07:45:54 +00:00 · 2022-01-10 11:00:24 +01:00 · 2022-01-10 11:00:24 +01:00 · 5d5221f789
commit 5d5221f789
parent 8ba1f48157
3 changed files with 45 additions and 14 deletions
--- a/deployment/bare_metal/install.sh
+++ b/deployment/bare_metal/install.sh
@ -71,6 +71,7 @@ sudo apt-get install -y nginx
 sudo rm /etc/nginx/sites-enabled/default
 sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf /etc/nginx/sites-available
 sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled
+sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/update-page.conf /etc/nginx/sites-available
 cd /etc/nginx
 sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/common common

@ -108,4 +109,8 @@ esac
 envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf

 # Generate update-page.conf from template
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < update-page.conf.template > update-page.conf
+case "$NGINX_SSL" in
+ true) TEMPLATE_FILE="update-page.conf.ssl.template" ;;
+    *) TEMPLATE_FILE="update-page.conf.template" ;;
+esac
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > update-page.conf
--- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template
+++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template
@ -1,21 +1,16 @@

 server {
-        server_name _;
-        listen 80;
-        listen [::]:80;
+      server_name _;
+      listen 80;
+      listen [::]:80;

-        include /etc/nginx/common/protect.conf;
-        include /etc/nginx/common/protect_add_header.conf;
+      include /etc/nginx/common/protect.conf;
+      include /etc/nginx/common/protect_add_header.conf;

-        root $NGINX_UPDATE_PAGE_ROOT;
-        index updating.html;
+      root $NGINX_UPDATE_PAGE_ROOT;
+      index updating.html;

-        #location / {
-        #   alias $NGINX_UPDATE_PAGE_ROOT;
-        #   index updating.html; 
-        #}
-
-        #access_log /var/log/nginx/access.log main;
+      #access_log /var/log/nginx/access.log main;

 }

--- a/deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template
+++ b/deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template
@ -0,0 +1,31 @@
+
+server {
+    if ($host = $NGINX_SERVER_NAME) {
+        return 301 https://$host$request_uri;
+    }
+
+    server_name $NGINX_SERVER_NAME;
+    listen 80;
+    listen [::]:80;
+    return 404;
+}
+server {
+    server_name $NGINX_SERVER_NAME;
+
+    listen [::]:443 ssl ipv6only=on;
+    listen 443 ssl;
+    ssl_certificate $NGINX_SSL_CERTIFICATE;
+    ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY;
+    include $NGINX_SSL_INCLUDE;
+    ssl_dhparam $NGINX_SSL_DHPARAM;
+
+    include /etc/nginx/common/protect.conf;
+    include /etc/nginx/common/protect_add_header.conf;
+
+    root $NGINX_UPDATE_PAGE_ROOT;
+    index updating.html;
+
+    #access_log /var/log/nginx/access.log main;
+
+}
+