Commit 9047066d authored by Till Brehm's avatar Till Brehm
Browse files

Merge branch 'master' into 'master'

fix nginx redirects section

It seems that the "redirects" section of the nginx vhost master template contains obsolete code that was not updated (in comparison with other parts of this template). This commit is intended to fix the following errors:

*  the redirects section doesn't respect the nginx port settings of ISPConfig (it uses hard-coded values 80 and 443 only)
* the redirects section doesn't respect the HTTP2/SPDY settings
* the redirects section doesn't define the standard SSL protocols that ISPConfig uses everywhere else
* the redirects section contains invalid path for SSL certificate files (closes #4472, closes #3302)

See merge request !580
parents a754d548 89cb553e
......@@ -310,18 +310,19 @@ location ~ /\.well-known/acme-challenge/ {
<tmpl_loop name="redirects">
server {
listen <tmpl_var name='ip_address'>:80;
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:80;
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
</tmpl_if>
<tmpl_if name='ssl_enabled'>
listen <tmpl_var name='ip_address'>:443 ssl;
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:443 ssl;
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
</tmpl_if>
ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
ssl_certificate <tmpl_var name='ssl_crt_file'>;
ssl_certificate_key <tmpl_var name='ssl_key_file'>;
</tmpl_if>
server_name <tmpl_var name='rewrite_domain'>;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment