From bab50f098f193b96aabd512fe212c929ab424789 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Wed, 1 Apr 2020 09:55:13 -0400
Subject: [PATCH] split out virtual server for /generate_204 service

---
 nginx/server.conf | 43 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 37 insertions(+), 6 deletions(-)

diff --git a/nginx/server.conf b/nginx/server.conf
index 7e5430a2..d2c21645 100644
--- a/nginx/server.conf
+++ b/nginx/server.conf
@@ -2,7 +2,7 @@ server {
 listen 80;
 listen [::]:80;
 
- server_name connectivitycheck.grapheneos.org www.grapheneos.org grapheneos.org;
+ server_name www.grapheneos.org grapheneos.org;
 
 root /var/empty;
 
@@ -13,7 +13,7 @@ server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 
- server_name connectivitycheck.grapheneos.org www.grapheneos.org grapheneos.org;
+ server_name www.grapheneos.org grapheneos.org;
 
 ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/grapheneos.org/privkey.pem;
@@ -66,10 +66,6 @@ server {
 return 301 /bitcoin-address.png;
 }
 
- location = /generate_204 {
- return 204;
- }
-
 location = /LICENSE {
 default_type text/plain;
 }
@@ -97,6 +93,41 @@ server {
 }
 }
 
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name connectivitycheck.grapheneos.org;
+
+ root /var/empty;
+
+ return 301 https://connectivitycheck.grapheneos.org$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name connectivitycheck.grapheneos.org;
+
+ ssl_certificate /etc/letsencrypt/live/grapheneos.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/grapheneos.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ root /var/empty;
+
+ include /etc/nginx/snippets/security-headers.conf;
+
+ location = /generate_204 {
+ return 204;
+ }
+}
+
 server {
 listen 80;
 listen [::]:80;
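Review bot: The new port-80 block for connectivitycheck.grapheneos.org answers every URI, `/generate_204` included, with the 301 to HTTPS, so a client that probes over plain HTTP never receives the 204. Whether any client does so is not visible in this patch; if plain-HTTP probes are expected, serve the endpoint there as well with `location = /generate_204 { return 204; }` and move the redirect into `location / { return 301 https://connectivitycheck.grapheneos.org$request_uri; }`. The redirect target is a fixed hostname rather than `$host`, which is worth keeping so the Location header cannot be steered by the request's Host header. A one-line comment above the two blocks, such as `# connectivity check host: serves only /generate_204`, would record why this name no longer shares the main site's server block.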