From e424db1279f06e004d628cfde5fbac94da8c8350 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Tue, 26 Jul 2016 18:14:31 +0200
Subject: [PATCH] nginx: Move sslsettings include to http block
The settings don't hurt normal http connections if they are defined at
the top level.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
roles/nginx/templates/nginx.conf.j2 | 2 ++
roles/planet/templates/nginx.d.conf.j2 | 1 -
roles/sources/templates/nginx.d.conf.j2 | 1 -
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
index d7cf03dbd..67b08e2f0 100644
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -17,5 +17,7 @@ http {
access_log /var/log/nginx/default/access.log;
error_log /var/log/nginx/default/error.log;
+ include snippets/sslsettings.conf;
+
include nginx.d/*.conf;
}
diff --git a/roles/planet/templates/nginx.d.conf.j2 b/roles/planet/templates/nginx.d.conf.j2
index d388a912a..2e2d841a2 100644
--- a/roles/planet/templates/nginx.d.conf.j2
+++ b/roles/planet/templates/nginx.d.conf.j2
@@ -24,7 +24,6 @@ server {
ssl_certificate /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ planet_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ planet_domain }}/chain.pem;
- include snippets/sslsettings.conf;
root {{ planet_dir }}/archplanet/output;
diff --git a/roles/sources/templates/nginx.d.conf.j2 b/roles/sources/templates/nginx.d.conf.j2
index 3738d694a..e596c8869 100644
--- a/roles/sources/templates/nginx.d.conf.j2
+++ b/roles/sources/templates/nginx.d.conf.j2
@@ -24,7 +24,6 @@ server {
ssl_certificate /etc/letsencrypt/live/{{ sources_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ sources_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ sources_domain }}/chain.pem;
- include snippets/sslsettings.conf;
root {{ sources_dir }};
--
GitLab