commit b815da4224524068b063ab5f8c2fd4fc3fd46a43
parent 4d9abc1b70d48a621efa3c9f23812a455c32d99c
Author: root <root@taler.net>
Date: Mon, 8 Aug 2016 15:26:55 +0200
enable ipv6
Diffstat:
21 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/api.taler.net/_build/html;
diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/api.taler.net/_build/html;
diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/buildbot/;
diff --git a/etc/nginx/sites-enabled/buildbot.site b/etc/nginx/sites-enabled/buildbot.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/buildbot/;
diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/decentralise;
diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/decentralise;
diff --git a/etc/nginx/sites-enabled/default.site b/etc/nginx/sites-enabled/default.site
@@ -1,6 +1,14 @@
# matched when no other server name matches
server {
- listen 80 default_server;
+ listen [::]:80 default_server;
+ # server name must simply something invalid ...
+ server_name _;
+ # drop connection, special nginx status code
+ return 444;
+}
+server {
+ listen [::]:443 ssl default_server;
+ include conf.d/talerssl;
# server name must simply something invalid ...
server_name _;
# drop connection, special nginx status code
diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site
@@ -1,12 +1,12 @@
server {
- listen 80;
+ listen [::]:80;
server_name demo.taler.net *.demo.taler.net;
rewrite ^ https://$host$request_uri? permanent;
}
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name demo.taler.net www.demo.taler.net;
include conf.d/demo.redirects;
include conf.d/talerssl;
@@ -21,7 +21,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name exchange.demo.taler.net;
root /dev/null;
include conf.d/talerssl;
@@ -35,7 +35,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name blog.demo.taler.net;
root /dev/null;
include conf.d/demo.redirects;
@@ -59,7 +59,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name shop.demo.taler.net;
ssi on;
include conf.d/demo.redirects;
@@ -83,7 +83,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name bank.demo.taler.net;
ssi on;
include conf.d/demo.redirects;
@@ -96,6 +96,7 @@ server {
location /admin/add/incoming {
allow 127.0.0.1;
+ allow ::1;
deny all;
}
diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/gauger/;
diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/gauger/;
diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/git;
diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/git;
diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/lcov.taler.net/;
diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/lcov.taler.net/;
diff --git a/etc/nginx/sites-enabled/sandbox.site b/etc/nginx/sites-enabled/sandbox.site
@@ -1,11 +1,11 @@
server {
- listen 80;
+ listen [::]:80;
server_name sandbox.taler.net *.sandbox.taler.net;
rewrite ^ https://$host$request_uri? permanent;
}
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name sandbox.taler.net;
include conf.d/talerssl;
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
@@ -1,12 +1,12 @@
server {
- listen 80;
+ listen [::]:80;
server_name test.taler.net *.test.taler.net;
rewrite ^ https://$host$request_uri? permanent;
}
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name test.taler.net www.test.taler.net;
root /dev/null;
include conf.d/test.redirects;
@@ -21,7 +21,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name exchange.test.taler.net;
root /dev/null;
include conf.d/talerssl;
@@ -41,7 +41,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name blog.test.taler.net;
root /dev/null;
include conf.d/test.redirects;
@@ -64,7 +64,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name shop.test.taler.net;
ssi on;
include conf.d/test.redirects;
@@ -87,7 +87,7 @@ server {
server {
- listen 443 ssl;
+ listen [::]:443 ssl;
server_name bank.test.taler.net;
ssi on;
include conf.d/test.redirects;
diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/trollslayer/;
diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site
@@ -1,5 +1,5 @@
server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
# Make site accessible from http://localhost/
diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
# Make site accessible from http://localhost/
diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site
@@ -1,5 +1,5 @@
server {
- listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/taler.net;
