Fix cert-only acme challenge issue.

author: crupest <crupest@outlook.com> 2022-11-20 16:32:27 +0800
committer: crupest <crupest@outlook.com> 2022-11-20 16:32:27 +0800
commit: 4a726c4a66970ddc5226538a7cca138c6526e673 (patch)
tree: e3c62048b3bb0e14859e1c6a978966fda87b250e /template/nginx
parent: 4067ed5b45071109203369dd9b2647d37f434123 (diff)
download: crupest-4a726c4a66970ddc5226538a7cca138c6526e673.tar.gz
crupest-4a726c4a66970ddc5226538a7cca138c6526e673.tar.bz2
crupest-4a726c4a66970ddc5226538a7cca138c6526e673.zip
2 files changed, 15 insertions, 0 deletions
diff --git a/template/nginx/cert-only.conf.template b/template/nginx/cert-only.conf.template
new file mode 100644
index 0000000..08daa8a
--- /dev/null
+++ b/template/nginx/cert-only.conf.template
@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
+
+    location / {
+        return 444;
+    }
+
+    location /.well-known/acme-challenge {
+        root /srv/acme;
+    }
+}
diff --git a/template/nginx/forbid_unknown_domain.conf b/template/nginx/forbid_unknown_domain.conf
index 661a2b6..ae96393 100644
--- a/template/nginx/forbid_unknown_domain.conf
+++ b/template/nginx/forbid_unknown_domain.conf
@@ -1,6 +1,8 @@
 server {
     listen 80 default_server;
     listen [::]:80 default_server;
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
 
     return 444;
 }
author	crupest <crupest@outlook.com>	2022-11-20 16:32:27 +0800
committer	crupest <crupest@outlook.com>	2022-11-20 16:32:27 +0800
commit	4a726c4a66970ddc5226538a7cca138c6526e673 (patch)
tree	e3c62048b3bb0e14859e1c6a978966fda87b250e /template/nginx
parent	4067ed5b45071109203369dd9b2647d37f434123 (diff)
download	crupest-4a726c4a66970ddc5226538a7cca138c6526e673.tar.gz crupest-4a726c4a66970ddc5226538a7cca138c6526e673.tar.bz2 crupest-4a726c4a66970ddc5226538a7cca138c6526e673.zip