From 41c9d20b75e76e94474ea9136ccf5b9e17e58013 Mon Sep 17 00:00:00 2001
From: "root@culturestrings"
Date: Mon, 25 May 2020 02:35:07 +0000
Subject: web: switched to domain-specific certificates.
---
 public/fs/etc/nginx/certs.d/culturestrings.org | 1 -
 public/fs/etc/nginx/conf.d/ssl_params | 2 --
 public/fs/etc/nginx/nginx.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/culturestrings.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/git.foss21.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/git.midipix.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/midipix.org.conf | 4 ++--
 public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf | 5 +++--
 public/fs/etc/nginx/vhosts.d/www.midipix.org.conf | 4 ++--
 16 files changed, 40 insertions(+), 31 deletions(-)
 delete mode 120000 public/fs/etc/nginx/certs.d/culturestrings.org
diff --git a/public/fs/etc/nginx/certs.d/culturestrings.org b/public/fs/etc/nginx/certs.d/culturestrings.org
deleted file mode 120000
index f5b4d30..0000000
--- a/public/fs/etc/nginx/certs.d/culturestrings.org
+++ /dev/null
@@ -1 +0,0 @@
-/home/webroot/midipix.org
\ No newline at end of file
diff --git a/public/fs/etc/nginx/conf.d/ssl_params b/public/fs/etc/nginx/conf.d/ssl_params
index 9af9de4..cc719aa 100644
--- a/public/fs/etc/nginx/conf.d/ssl_params
+++ b/public/fs/etc/nginx/conf.d/ssl_params
@@ -1,5 +1,3 @@
-ssl_trusted_certificate /home/webroot/letsencrypt/ssl/chain.pem;
-
 ssl_stapling on;
 ssl_stapling_verify on;
 ssl_prefer_server_ciphers on;
diff --git a/public/fs/etc/nginx/nginx.conf b/public/fs/etc/nginx/nginx.conf
index 9b92ab4..95c0731 100644
--- a/public/fs/etc/nginx/nginx.conf
+++ b/public/fs/etc/nginx/nginx.conf
@@ -39,8 +39,9 @@ http {
 listen [::]:443 default_server ssl http2 ipv6only=off reuseport;
 server_name localhost;
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/culturestrings.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/culturestrings.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/culturestrings.org/ssl/chain.pem;
 location / {
 root /srv/www/htdocs/;
diff --git a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf
index 640e0cf..37d50c4 100644
--- a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf
@@ -20,8 +20,9 @@ server {
 ssi on;
 }
- ssl_certificate /home/webroot/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /home/webroot/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/culturestrings.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/culturestrings.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/culturestrings.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf
index 24d2d64..241cca1 100644
--- a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf
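Review bot: In nginx.conf the catch-all `default_server` block (`server_name localhost`) now presents the culturestrings.org certificate to any client whose requested name matches no vhost, which ties the bare address to that domain for anyone probing it. A throwaway self-signed certificate used only by this block would avoid that, and on nginx releases that provide it `ssl_reject_handshake on;` in this block refuses such handshakes outright. The server block starts and ends outside the hunk, so whether it also includes conf.d/ssl_params is not visible here.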
@@ -14,8 +14,9 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/foss21.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/foss21.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/foss21.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf
index 426a84a..6e00c1c 100644
--- a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf
@@ -14,8 +14,9 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/midipix.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/midipix.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf
index af9490c..8205e6e 100644
--- a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf
@@ -52,8 +52,9 @@ server {
 uwsgi_param QUERY_STRING $args;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/foss21.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/foss21.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/foss21.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf
index d331558..48e2d62 100644
--- a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf
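Review bot: `ssl_certificate_key` in dl.foss21.org.conf points at /home/webroot/foss21.org/ssl/privkey.pem, and the vhost's `root` is not visible in the hunk, so it should be confirmed that the ssl/ directory does not sit below any served document root. If it does, add `location ^~ /ssl/ { return 404; }` to the server block or move the key material out of that tree. In either case privkey.pem only needs to be readable by the user that starts nginx, not by the worker user. The same check applies to every vhost hunk in this commit that uses a /home/webroot/<domain>/ssl/ key path; the server block starts and ends outside the hunk.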
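Review bot: The three certificate directives in git.foss21.org.conf are repeated by hand in each foss21.org and midipix.org vhost touched by this commit, and the two Gandi vhosts already differ from the rest by having no `ssl_trusted_certificate`. A per-domain snippet holding the three lines, pulled in with something like `include conf.d/cert_foss21.org;` (the file name is only a suggestion), would keep a certificate path or issuer change to one place per domain. If the copies stay, a short comment above them naming the certificate's issuer and where renewal writes the files would help the next editor.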
+++ b/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf
@@ -52,8 +52,9 @@ server {
 uwsgi_param QUERY_STRING $args;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/midipix.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/midipix.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/midipix.org.conf b/public/fs/etc/nginx/vhosts.d/midipix.org.conf
index 763b49a..978b767 100644
--- a/public/fs/etc/nginx/vhosts.d/midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/midipix.org.conf
@@ -26,8 +26,8 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.key;
+ ssl_certificate /home/webroot/midipix.org/ssl/gandi/midipix.org.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/gandi/midipix.org.key;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf
index 7a5c1b9..7a6a1e2 100644
--- a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf
@@ -14,8 +14,9 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/midipix.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/midipix.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf
index 9bd519c..a0069c5 100644
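Review bot: midipix.org.conf gets no `ssl_trusted_certificate` on the new side, although this commit removes the shared one from conf.d/ssl_params and that include, which this vhost still pulls in, keeps `ssl_stapling on;` and `ssl_stapling_verify on;`. nginx verifies OCSP responses against the chain configured as trusted, so for this vhost verification will likely fail and no staple be served unless the issuer chain is supplied another way. Add the issuing CA's chain beside the Gandi certificate, for example `ssl_trusted_certificate /home/webroot/midipix.org/ssl/gandi/<chain-file>;` (placeholder file name), and make the same change in the www.midipix.org.conf hunk. The server block starts outside the hunk, so a directive set earlier in it would not be visible here.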
--- a/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf
@@ -35,8 +35,9 @@ server {
 autoindex on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/midipix.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/midipix.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf
index 4490575..20a302d 100644
--- a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf
@@ -14,8 +14,9 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/foss21.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/foss21.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/foss21.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf
index b60e507..2b8b39c 100644
--- a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf
@@ -14,8 +14,9 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/midipix.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/midipix.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf
index f40f4f0..ff0f39d 100644
--- a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf
@@ -14,8 +14,9 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/culturestrings.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/culturestrings.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/culturestrings.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf
index 7a39a23..00a0621 100644
--- a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf
@@ -20,8 +20,9 @@ server {
 ssi on;
 }
- ssl_certificate /home/webroot/culturestrings.org/ssl/fullchain.pem;
- ssl_certificate_key /home/webroot/culturestrings.org/ssl/privkey.pem;
+ ssl_certificate /home/webroot/culturestrings.org/ssl/fullchain.pem;
+ ssl_certificate_key /home/webroot/culturestrings.org/ssl/privkey.pem;
+ ssl_trusted_certificate /home/webroot/culturestrings.org/ssl/chain.pem;
 include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf
index d9178ad..1a4a9bb 100644
--- a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf
@@ -26,8 +26,8 @@ server {
 ssi on;
 }
- ssl_certificate /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.pem;
- ssl_certificate_key /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.key;
+ ssl_certificate /home/webroot/midipix.org/ssl/gandi/midipix.org.pem;
+ ssl_certificate_key /home/webroot/midipix.org/ssl/gandi/midipix.org.key;
 include conf.d/ssl_params;
 }
-- 
cgit v1.2.3