Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

nginx: Consistently listen on IPv6 and with HTTP/2. 

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg 2020-10-13 16:53:28 -07:00 committed by Alex Vandiver
parent ec43f5418d
commit 129ea6dd11
6 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/production/deployment.md
View File

@ -272,10 +272,10 @@ For `nginx` configuration, there's two things you need to set up:
```
server {
listen 443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name zulip.example.net;
ssl on;
ssl_certificate /path/to/fullchain-cert.pem;
ssl_certificate_key /path/to/private-key.pem;

5
puppet/zulip/templates/nginx/zulip-enterprise.template.erb
View File

@ -19,10 +19,9 @@ server {
listen <%= @nginx_listen_port %>;
listen [::]:<%= @nginx_listen_port %>;
<% else -%>
listen <%= @nginx_listen_port %> http2;
listen [::]:<%= @nginx_listen_port %> http2;
listen <%= @nginx_listen_port %> ssl http2;
listen [::]:<%= @nginx_listen_port %> ssl http2;
ssl on;
ssl_certificate <%= @ssl_dir %>/certs/zulip.combined-chain.crt;
ssl_certificate_key <%= @ssl_dir %>/private/zulip.key;
<% end -%>

4
puppet/zulip_ops/files/nginx/sites-available/zulip
View File

@ -1,7 +1,8 @@
include /etc/nginx/zulip-include/upstreams;
server {
listen 443;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# This server is behind an ALB, which does not check the
# certificate validity:
@ -9,7 +10,6 @@ server {
#
# Snakeoil verts are good for 10 years after initial creation, but
# the ALBs don't even check expiration. ¯\_(ツ)_/¯
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

9
puppet/zulip_ops/files/nginx/sites-available/zulip-org
View File

@ -1,13 +1,14 @@
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
listen 443 http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name zulip.org;
ssl on;
ssl_certificate /etc/letsencrypt/live/zulip.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zulip.org/privkey.pem;
@ -22,10 +23,10 @@ server {
}
server {
listen 443 http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.zulip.org;
ssl on;
ssl_certificate /etc/letsencrypt/live/zulip.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zulip.org/privkey.pem;

5
puppet/zulip_ops/files/nginx/sites-available/zulip-staging
View File

@ -1,5 +1,6 @@
server {
listen 80;
listen [::]:80;
server_name staging.zulip.com;
return 301 https://$server_name$request_uri;
}
@ -7,9 +8,9 @@ server {
include /etc/nginx/zulip-include/upstreams;
server {
listen 443;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/ssl/certs/staging.zulip.com.combined-chain.crt;
ssl_certificate_key /etc/ssl/private/staging_and_dev.humbughq.com.key;

5
tools/droplets/zulipdev
View File

@ -1,12 +1,13 @@
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
listen 443;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/ssl/certs/zulip.combined-chain.crt;
ssl_certificate_key /etc/ssl/private/zulip.key;