bundles/ssl: support using a preexisting ssl certificate

Franzi 2021-04-25 09:09:23 +02:00
parent 019d658442
commit d98a1adfd9
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 76 additions and 23 deletions


@ -11,9 +11,13 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_trusted_certificate /var/lib/dehydrated/certs/${domain}/chain.pem;
% if ssl == 'letsencrypt':
ssl_certificate /var/lib/dehydrated/certs/${domain}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${domain}/privkey.pem;
% else:
ssl_certificate /etc/nginx/ssl/${vhost}.crt;
ssl_certificate_key /etc/nginx/ssl/${vhost}.key;
% endif
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
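Review bot: `ssl_trusted_certificate /var/lib/dehydrated/certs/${domain}/chain.pem;` sits above the new `% if ssl == 'letsencrypt':` and so applies to both branches, which leaves a vhost with a preexisting certificate still depending on the dehydrated directory. If that file is absent, nginx will presumably reject the configuration; if it is present, it is the chain of a different issuer than the certificate actually served, which matters wherever OCSP stapling verification relies on it. I would move the directive inside the letsencrypt branch and, under `% else:`, either point it at a chain file deployed together with `/etc/nginx/ssl/${vhost}.crt` or leave it out. The ownership and mode of `/etc/nginx/ssl/${vhost}.key` are not set in this hunk and are worth confirming as readable by root only; the server block continues beyond the visible lines.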