mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
add-aurweb-tracing
infrastructure/roles/maintenance/templates/nginx-maintenance.conf.j2
Jan Alexander Steffens (heftig) ecdbd106f2
archweb: Add support for legacy domains 
Using a cert named after the primary domain with `_legacy` appended.
However, the cert is only issued for the legacy domains, not the primary
domain.

Deploy for `ipxe.archlinux.org`.

Fixes: https://gitlab.archlinux.org/archlinux/releng/-/issues/22
2024-07-28 02:55:19 +02:00

120 lines
3.8 KiB
Django/Jinja
Raw Permalink Blame History

{% for domain in service_alternate_domains | default([]) %}
server {
listen 80;
listen [::]:80;
server_name {{ domain }};
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log.json json_reduced;
error_log {{ maintenance_logs_dir }}/{{ service_domain }}-error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 302 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name {{ domain }};
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log.json json_reduced;
error_log {{ maintenance_logs_dir }}/{{ service_domain }}-error.log;
ssl_certificate /etc/letsencrypt/live/{{ service_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ service_domain }}/chain.pem;
location / {
access_log off;
return 302 https://{{ service_domain }};
}
}
{% endfor %}
{% for domain in service_legacy_domains | default([]) %}
server {
listen 80;
listen [::]:80;
server_name {{ domain }};
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log.json json_reduced;
error_log {{ maintenance_logs_dir }}/{{ service_domain }}-error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 302 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name {{ domain }};
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log.json json_reduced;
error_log {{ maintenance_logs_dir }}/{{ service_domain }}-error.log;
ssl_certificate /etc/letsencrypt/live/{{ service_domain }}_legacy/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_domain }}_legacy/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ service_domain }}_legacy/chain.pem;
location / {
access_log off;
return 302 https://{{ service_domain }};
}
}
{% endfor %}
server {
listen 80;
listen [::]:80;
server_name {{ service_domain }};
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log.json json_reduced;
error_log {{ maintenance_logs_dir }}/{{ service_domain }}-error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 302 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name {{ service_domain }};
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
access_log {{ maintenance_logs_dir }}/{{ service_domain }}-access.log.json json_reduced;
error_log {{ maintenance_logs_dir }}/{{ service_domain }}-error.log;
ssl_certificate /etc/letsencrypt/live/{{ service_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ service_domain }}/chain.pem;
error_page 503 /503.html;
location / {
return 503;
}
location = /503.html {
root {{ maintenance_http_dir }}/{{ service_domain }};
}
}
View Git Blame Copy Permalink