Fix duplicate definitions for HTTPS 503 responses
This commit is contained in:
mpetkov
parent
680988918e
commit
fc4fba0b4e
2 changed files with 17 additions and 15 deletions
|
|
@ -6,6 +6,8 @@ RUN apt-get update \
|
|||
&& apt-get install -y -q --no-install-recommends \
|
||||
ca-certificates \
|
||||
wget \
|
||||
vim \
|
||||
net-tools \
|
||||
&& apt-get clean \
|
||||
&& rm -r /var/lib/apt/lists/*
|
||||
|
||||
|
|
|
|||
30
nginx.tmpl
30
nginx.tmpl
|
|
@ -95,14 +95,27 @@ server {
|
|||
}
|
||||
|
||||
# Default server if unknown domain
|
||||
{{/* Get the first matching cert, any cert */}}
|
||||
{{ $anyCert := (first (dir "/etc/nginx/certs"))}}
|
||||
{{ $anyCert := trimSuffix ".crt" $anyCert }}
|
||||
{{ $anyCert := trimSuffix ".key" $anyCert }}
|
||||
|
||||
{{ $cert_exists := (and (ne $anyCert "") (exists (printf "/etc/nginx/certs/%s.crt" $anyCert)) (exists (printf "/etc/nginx/certs/%s.key" $anyCert))) }}
|
||||
|
||||
{{ if $cert_exists }}
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:80;
|
||||
listen [::]:443 ssl http2;
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
return 503;
|
||||
|
||||
ssl_session_tickets off;
|
||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $anyCert) }};
|
||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $anyCert) }};
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
||||
server {
|
||||
|
|
@ -206,19 +219,6 @@ upstream {{ $upstream_name }} {
|
|||
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
|
||||
|
||||
{{ if $is_https }}
|
||||
# Default server if unknown domain
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:443 ssl http2;
|
||||
{{ end }}
|
||||
access_log /var/log/nginx/access.log vhost;
|
||||
return 503;
|
||||
|
||||
ssl_session_tickets off;
|
||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||
}
|
||||
|
||||
{{ if eq $https_method "redirect" }}
|
||||
server {
|
||||
|
|
|
|||
Loading…
Reference in a new issue