diff options
| author | root <root@taler.net> | 2016-08-08 15:26:55 +0200 |
|---|---|---|
| committer | root <root@taler.net> | 2016-08-08 15:26:55 +0200 |
| commit | b815da4224524068b063ab5f8c2fd4fc3fd46a43 (patch) | |
| tree | 5a07cd713d495534f8be862fe9658021ce719725 /etc | |
| parent | 4d9abc1b70d48a621efa3c9f23812a455c32d99c (diff) | |
| download | deployment-b815da4224524068b063ab5f8c2fd4fc3fd46a43.tar.gz deployment-b815da4224524068b063ab5f8c2fd4fc3fd46a43.tar.bz2 deployment-b815da4224524068b063ab5f8c2fd4fc3fd46a43.zip | |
enable ipv6
Diffstat (limited to 'etc')
21 files changed, 41 insertions, 32 deletions
diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site index 56e6b5e..733d4f9 100644 --- a/etc/nginx/sites-enabled/api-ssl.site +++ b/etc/nginx/sites-enabled/api-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/api.taler.net/_build/html; diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site index 11251f3..80e3d38 100644 --- a/etc/nginx/sites-enabled/api.site +++ b/etc/nginx/sites-enabled/api.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/api.taler.net/_build/html; diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site index 9d6c81a..0b408a5 100644 --- a/etc/nginx/sites-enabled/buildbot-ssl.site +++ b/etc/nginx/sites-enabled/buildbot-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/buildbot/; diff --git a/etc/nginx/sites-enabled/buildbot.site b/etc/nginx/sites-enabled/buildbot.site index 89b5b9a..fe27d67 100644 --- a/etc/nginx/sites-enabled/buildbot.site +++ b/etc/nginx/sites-enabled/buildbot.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/buildbot/; diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site index 952986f..e30b5fd 100644 --- a/etc/nginx/sites-enabled/decentralise-ssl.site +++ b/etc/nginx/sites-enabled/decentralise-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/decentralise; diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site index 61c1976..055274e 100644 --- a/etc/nginx/sites-enabled/decentralise.site +++ b/etc/nginx/sites-enabled/decentralise.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/decentralise; diff --git a/etc/nginx/sites-enabled/default.site b/etc/nginx/sites-enabled/default.site index 0fa4921..0e13406 100644 --- a/etc/nginx/sites-enabled/default.site +++ b/etc/nginx/sites-enabled/default.site @@ -1,6 +1,14 @@ # matched when no other server name matches server { - listen 80 default_server; + listen [::]:80 default_server; + # server name must simply something invalid ... + server_name _; + # drop connection, special nginx status code + return 444; +} +server { + listen [::]:443 ssl default_server; + include conf.d/talerssl; # server name must simply something invalid ... server_name _; # drop connection, special nginx status code diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site index 294bf88..e8e55b7 100644 --- a/etc/nginx/sites-enabled/demo.site +++ b/etc/nginx/sites-enabled/demo.site @@ -1,12 +1,12 @@ server { - listen 80; + listen [::]:80; server_name demo.taler.net *.demo.taler.net; rewrite ^ https://$host$request_uri? permanent; } server { - listen 443 ssl; + listen [::]:443 ssl; server_name demo.taler.net www.demo.taler.net; include conf.d/demo.redirects; include conf.d/talerssl; @@ -21,7 +21,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name exchange.demo.taler.net; root /dev/null; include conf.d/talerssl; @@ -35,7 +35,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name blog.demo.taler.net; root /dev/null; include conf.d/demo.redirects; @@ -59,7 +59,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name shop.demo.taler.net; ssi on; include conf.d/demo.redirects; @@ -83,7 +83,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name bank.demo.taler.net; ssi on; include conf.d/demo.redirects; @@ -96,6 +96,7 @@ server { location /admin/add/incoming { allow 127.0.0.1; + allow ::1; deny all; } diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site index 42c40ef..0e1dcd8 100644 --- a/etc/nginx/sites-enabled/gauger-ssl.site +++ b/etc/nginx/sites-enabled/gauger-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/gauger/; diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site index 63e0cdb..2b2782b 100644 --- a/etc/nginx/sites-enabled/gauger.site +++ b/etc/nginx/sites-enabled/gauger.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/gauger/; diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site index 3ea1af2..bbbad09 100644 --- a/etc/nginx/sites-enabled/git-ssl.site +++ b/etc/nginx/sites-enabled/git-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/git; diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site index c194202..655d317 100644 --- a/etc/nginx/sites-enabled/git.site +++ b/etc/nginx/sites-enabled/git.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/git; diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site index ff64541..b3532a9 100644 --- a/etc/nginx/sites-enabled/lcov-ssl.site +++ b/etc/nginx/sites-enabled/lcov-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/lcov.taler.net/; diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site index 6c6affb..44437d0 100644 --- a/etc/nginx/sites-enabled/lcov.site +++ b/etc/nginx/sites-enabled/lcov.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/lcov.taler.net/; diff --git a/etc/nginx/sites-enabled/sandbox.site b/etc/nginx/sites-enabled/sandbox.site index ed0e720..3a89301 100644 --- a/etc/nginx/sites-enabled/sandbox.site +++ b/etc/nginx/sites-enabled/sandbox.site @@ -1,11 +1,11 @@ server { - listen 80; + listen [::]:80; server_name sandbox.taler.net *.sandbox.taler.net; rewrite ^ https://$host$request_uri? permanent; } server { - listen 443 ssl; + listen [::]:443 ssl; server_name sandbox.taler.net; include conf.d/talerssl; diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index 1f227e9..ded6abb 100644 --- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -1,12 +1,12 @@ server { - listen 80; + listen [::]:80; server_name test.taler.net *.test.taler.net; rewrite ^ https://$host$request_uri? permanent; } server { - listen 443 ssl; + listen [::]:443 ssl; server_name test.taler.net www.test.taler.net; root /dev/null; include conf.d/test.redirects; @@ -21,7 +21,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name exchange.test.taler.net; root /dev/null; include conf.d/talerssl; @@ -41,7 +41,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name blog.test.taler.net; root /dev/null; include conf.d/test.redirects; @@ -64,7 +64,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name shop.test.taler.net; ssi on; include conf.d/test.redirects; @@ -87,7 +87,7 @@ server { server { - listen 443 ssl; + listen [::]:443 ssl; server_name bank.test.taler.net; ssi on; include conf.d/test.redirects; diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site index c7d5de9..5003e78 100644 --- a/etc/nginx/sites-enabled/trollslayer.site +++ b/etc/nginx/sites-enabled/trollslayer.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/trollslayer/; diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site index e86cafd..1ccdda8 100644 --- a/etc/nginx/sites-enabled/www-ssl.site +++ b/etc/nginx/sites-enabled/www-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site index 78c4091..81b2c41 100644 --- a/etc/nginx/sites-enabled/www.git-ssl.site +++ b/etc/nginx/sites-enabled/www.git-ssl.site @@ -1,5 +1,5 @@ server { - listen 443 ssl; ## listen for ipv4; this line is default and implied + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 # Make site accessible from http://localhost/ diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site index 54f932f..4b3fc3d 100644 --- a/etc/nginx/sites-enabled/www.git.site +++ b/etc/nginx/sites-enabled/www.git.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 # Make site accessible from http://localhost/ diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site index 80a8fd5..19871af 100644 --- a/etc/nginx/sites-enabled/www.site +++ b/etc/nginx/sites-enabled/www.site @@ -1,5 +1,5 @@ server { - listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/taler.net; |