From b815da4224524068b063ab5f8c2fd4fc3fd46a43 Mon Sep 17 00:00:00 2001
From: root <root@taler.net>
Date: Mon, 8 Aug 2016 15:26:55 +0200
Subject: enable ipv6

---
 etc/nginx/sites-enabled/api-ssl.site          |  2 +-
 etc/nginx/sites-enabled/api.site              |  2 +-
 etc/nginx/sites-enabled/buildbot-ssl.site     |  2 +-
 etc/nginx/sites-enabled/buildbot.site         |  2 +-
 etc/nginx/sites-enabled/decentralise-ssl.site |  2 +-
 etc/nginx/sites-enabled/decentralise.site     |  2 +-
 etc/nginx/sites-enabled/default.site          | 10 +++++++++-
 etc/nginx/sites-enabled/demo.site             | 13 +++++++------
 etc/nginx/sites-enabled/gauger-ssl.site       |  2 +-
 etc/nginx/sites-enabled/gauger.site           |  2 +-
 etc/nginx/sites-enabled/git-ssl.site          |  2 +-
 etc/nginx/sites-enabled/git.site              |  2 +-
 etc/nginx/sites-enabled/lcov-ssl.site         |  2 +-
 etc/nginx/sites-enabled/lcov.site             |  2 +-
 etc/nginx/sites-enabled/sandbox.site          |  4 ++--
 etc/nginx/sites-enabled/test.site             | 12 ++++++------
 etc/nginx/sites-enabled/trollslayer.site      |  2 +-
 etc/nginx/sites-enabled/www-ssl.site          |  2 +-
 etc/nginx/sites-enabled/www.git-ssl.site      |  2 +-
 etc/nginx/sites-enabled/www.git.site          |  2 +-
 etc/nginx/sites-enabled/www.site              |  2 +-
 21 files changed, 41 insertions(+), 32 deletions(-)

(limited to 'etc')

diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site
index 56e6b5e..733d4f9 100644
--- a/etc/nginx/sites-enabled/api-ssl.site
+++ b/etc/nginx/sites-enabled/api-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/api.taler.net/_build/html;
diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site
index 11251f3..80e3d38 100644
--- a/etc/nginx/sites-enabled/api.site
+++ b/etc/nginx/sites-enabled/api.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/api.taler.net/_build/html;
diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site
index 9d6c81a..0b408a5 100644
--- a/etc/nginx/sites-enabled/buildbot-ssl.site
+++ b/etc/nginx/sites-enabled/buildbot-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/buildbot/;
diff --git a/etc/nginx/sites-enabled/buildbot.site b/etc/nginx/sites-enabled/buildbot.site
index 89b5b9a..fe27d67 100644
--- a/etc/nginx/sites-enabled/buildbot.site
+++ b/etc/nginx/sites-enabled/buildbot.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/buildbot/;
diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site
index 952986f..e30b5fd 100644
--- a/etc/nginx/sites-enabled/decentralise-ssl.site
+++ b/etc/nginx/sites-enabled/decentralise-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/decentralise;
diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site
index 61c1976..055274e 100644
--- a/etc/nginx/sites-enabled/decentralise.site
+++ b/etc/nginx/sites-enabled/decentralise.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/decentralise;
diff --git a/etc/nginx/sites-enabled/default.site b/etc/nginx/sites-enabled/default.site
index 0fa4921..0e13406 100644
--- a/etc/nginx/sites-enabled/default.site
+++ b/etc/nginx/sites-enabled/default.site
@@ -1,6 +1,14 @@
 # matched when no other server name matches
 server {
-    listen 80 default_server;
+    listen [::]:80 default_server;
+    # server name must simply something invalid ...
+    server_name  _;
+    # drop connection, special nginx status code
+    return 444;
+}
+server {
+    listen [::]:443 ssl default_server;
+    include conf.d/talerssl;
     # server name must simply something invalid ...
     server_name  _;
     # drop connection, special nginx status code
diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site
index 294bf88..e8e55b7 100644
--- a/etc/nginx/sites-enabled/demo.site
+++ b/etc/nginx/sites-enabled/demo.site
@@ -1,12 +1,12 @@
 server {
-  listen 80;
+  listen [::]:80;
   server_name demo.taler.net *.demo.taler.net;
   rewrite ^ https://$host$request_uri? permanent;
 }
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name demo.taler.net www.demo.taler.net;
   include conf.d/demo.redirects;
   include conf.d/talerssl;
@@ -21,7 +21,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name exchange.demo.taler.net;
   root /dev/null;
   include conf.d/talerssl;
@@ -35,7 +35,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name blog.demo.taler.net;
   root /dev/null;
   include conf.d/demo.redirects;
@@ -59,7 +59,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name shop.demo.taler.net;
   ssi on;
   include conf.d/demo.redirects;
@@ -83,7 +83,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name bank.demo.taler.net;
   ssi on;
   include conf.d/demo.redirects;
@@ -96,6 +96,7 @@ server {
 
   location /admin/add/incoming {
     allow 127.0.0.1;  
+    allow ::1;
     deny all;
   }
 
diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site
index 42c40ef..0e1dcd8 100644
--- a/etc/nginx/sites-enabled/gauger-ssl.site
+++ b/etc/nginx/sites-enabled/gauger-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/gauger/;
diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site
index 63e0cdb..2b2782b 100644
--- a/etc/nginx/sites-enabled/gauger.site
+++ b/etc/nginx/sites-enabled/gauger.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/gauger/;
diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site
index 3ea1af2..bbbad09 100644
--- a/etc/nginx/sites-enabled/git-ssl.site
+++ b/etc/nginx/sites-enabled/git-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
 	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/git;
diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site
index c194202..655d317 100644
--- a/etc/nginx/sites-enabled/git.site
+++ b/etc/nginx/sites-enabled/git.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
 	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/git;
diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site
index ff64541..b3532a9 100644
--- a/etc/nginx/sites-enabled/lcov-ssl.site
+++ b/etc/nginx/sites-enabled/lcov-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/lcov.taler.net/;
diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site
index 6c6affb..44437d0 100644
--- a/etc/nginx/sites-enabled/lcov.site
+++ b/etc/nginx/sites-enabled/lcov.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/lcov.taler.net/;
diff --git a/etc/nginx/sites-enabled/sandbox.site b/etc/nginx/sites-enabled/sandbox.site
index ed0e720..3a89301 100644
--- a/etc/nginx/sites-enabled/sandbox.site
+++ b/etc/nginx/sites-enabled/sandbox.site
@@ -1,11 +1,11 @@
 server {
-  listen 80;
+  listen [::]:80;
   server_name sandbox.taler.net *.sandbox.taler.net;
   rewrite ^ https://$host$request_uri? permanent;
 }
 
 server {
-  listen   443 ssl;
+  listen   [::]:443 ssl;
 
   server_name sandbox.taler.net;
   include conf.d/talerssl;
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
index 1f227e9..ded6abb 100644
--- a/etc/nginx/sites-enabled/test.site
+++ b/etc/nginx/sites-enabled/test.site
@@ -1,12 +1,12 @@
 server {
-  listen 80;
+  listen [::]:80;
   server_name test.taler.net *.test.taler.net;
   rewrite ^ https://$host$request_uri? permanent;
 }
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name test.taler.net www.test.taler.net;
   root /dev/null;
   include conf.d/test.redirects;
@@ -21,7 +21,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name exchange.test.taler.net;
   root /dev/null;
   include conf.d/talerssl;
@@ -41,7 +41,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name blog.test.taler.net;
   root /dev/null;
   include conf.d/test.redirects;
@@ -64,7 +64,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name shop.test.taler.net;
   ssi on;
   include conf.d/test.redirects;
@@ -87,7 +87,7 @@ server {
 
 
 server {
-  listen 443 ssl;
+  listen [::]:443 ssl;
   server_name bank.test.taler.net;
   ssi on;
   include conf.d/test.redirects;
diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site
index c7d5de9..5003e78 100644
--- a/etc/nginx/sites-enabled/trollslayer.site
+++ b/etc/nginx/sites-enabled/trollslayer.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/trollslayer/;
diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site
index e86cafd..1ccdda8 100644
--- a/etc/nginx/sites-enabled/www-ssl.site
+++ b/etc/nginx/sites-enabled/www-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 
diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site
index 78c4091..81b2c41 100644
--- a/etc/nginx/sites-enabled/www.git-ssl.site
+++ b/etc/nginx/sites-enabled/www.git-ssl.site
@@ -1,5 +1,5 @@
 server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	listen   [::]:443 ssl; ## listen for ipv4; this line is default and implied
 	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	# Make site accessible from http://localhost/
diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site
index 54f932f..4b3fc3d 100644
--- a/etc/nginx/sites-enabled/www.git.site
+++ b/etc/nginx/sites-enabled/www.git.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
 	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	# Make site accessible from http://localhost/
diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site
index 80a8fd5..19871af 100644
--- a/etc/nginx/sites-enabled/www.site
+++ b/etc/nginx/sites-enabled/www.site
@@ -1,5 +1,5 @@
 server {
-	listen   80; ## listen for ipv4; this line is default and implied
+	listen   [::]:80; ## listen for ipv4; this line is default and implied
  	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
 	root /var/www/taler.net;
-- 
cgit v1.2.3