web: switched to domain-specific certificates.

author: root@culturestrings <root@culturestrings> 2020-05-25 02:35:07 +0000
committer: root@culturestrings <root@culturestrings> 2020-05-25 03:21:11 +0000
commit: 41c9d20b75e76e94474ea9136ccf5b9e17e58013 (patch)
tree: 4a24899557298486dee045d2da539cc463ec2b1a
parent: 4872adf01ef434957976bd88cce6ec683a10145e (diff)
download: culturestrings-41c9d20b75e76e94474ea9136ccf5b9e17e58013.tar.bz2
culturestrings-41c9d20b75e76e94474ea9136ccf5b9e17e58013.tar.xz
16 files changed, 40 insertions, 31 deletions
diff --git a/public/fs/etc/nginx/certs.d/culturestrings.org b/public/fs/etc/nginx/certs.d/culturestrings.org
deleted file mode 120000
index f5b4d30..0000000
--- a/public/fs/etc/nginx/certs.d/culturestrings.org
+++ /dev/null
@@ -1 +0,0 @@
-/home/webroot/midipix.org
-\ No newline at end of file
diff --git a/public/fs/etc/nginx/conf.d/ssl_params b/public/fs/etc/nginx/conf.d/ssl_params
index 9af9de4..cc719aa 100644
--- a/public/fs/etc/nginx/conf.d/ssl_params
+++ b/public/fs/etc/nginx/conf.d/ssl_params
@@ -1,5 +1,3 @@
-ssl_trusted_certificate       /home/webroot/letsencrypt/ssl/chain.pem;
-
 ssl_stapling                  on;
 ssl_stapling_verify           on;
 ssl_prefer_server_ciphers     on;
diff --git a/public/fs/etc/nginx/nginx.conf b/public/fs/etc/nginx/nginx.conf
index 9b92ab4..95c0731 100644
--- a/public/fs/etc/nginx/nginx.conf
+++ b/public/fs/etc/nginx/nginx.conf
@@ -39,8 +39,9 @@ http {
         listen       [::]:443 default_server ssl http2 ipv6only=off reuseport;
         server_name  localhost;
 
-        ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-        ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+        ssl_certificate           /home/webroot/culturestrings.org/ssl/fullchain.pem;
+        ssl_certificate_key       /home/webroot/culturestrings.org/ssl/privkey.pem;
+        ssl_trusted_certificate   /home/webroot/culturestrings.org/ssl/chain.pem;
 
         location / {
             root   /srv/www/htdocs/;
diff --git a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf
index 640e0cf..37d50c4 100644
--- a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf
@@ -20,8 +20,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /home/webroot/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /home/webroot/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/culturestrings.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/culturestrings.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/culturestrings.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf
index 24d2d64..241cca1 100644
--- a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf
@@ -14,8 +14,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/foss21.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/foss21.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/foss21.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf
index 426a84a..6e00c1c 100644
--- a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf
@@ -14,8 +14,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/midipix.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/midipix.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/midipix.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf
index af9490c..8205e6e 100644
--- a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf
@@ -52,8 +52,9 @@ server {
         uwsgi_param       QUERY_STRING    $args;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/foss21.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/foss21.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/foss21.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf
index d331558..48e2d62 100644
--- a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf
@@ -52,8 +52,9 @@ server {
         uwsgi_param       QUERY_STRING    $args;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/midipix.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/midipix.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/midipix.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/midipix.org.conf b/public/fs/etc/nginx/vhosts.d/midipix.org.conf
index 763b49a..978b767 100644
--- a/public/fs/etc/nginx/vhosts.d/midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/midipix.org.conf
@@ -26,8 +26,8 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.key;
+    ssl_certificate       /home/webroot/midipix.org/ssl/gandi/midipix.org.pem;
+    ssl_certificate_key   /home/webroot/midipix.org/ssl/gandi/midipix.org.key;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf
index 7a5c1b9..7a6a1e2 100644
--- a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf
@@ -14,8 +14,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/midipix.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/midipix.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/midipix.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf
index 9bd519c..a0069c5 100644
--- a/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/pagure.midipix.org.conf
@@ -35,8 +35,9 @@ server {
         autoindex on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/midipix.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/midipix.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/midipix.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf
index 4490575..20a302d 100644
--- a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf
@@ -14,8 +14,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/foss21.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/foss21.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/foss21.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf
index b60e507..2b8b39c 100644
--- a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf
@@ -14,8 +14,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/midipix.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/midipix.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/midipix.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf
index f40f4f0..ff0f39d 100644
--- a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf
@@ -14,8 +14,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/culturestrings.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/culturestrings.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/culturestrings.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf
index 7a39a23..00a0621 100644
--- a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf
@@ -20,8 +20,9 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /home/webroot/culturestrings.org/ssl/fullchain.pem;
-    ssl_certificate_key   /home/webroot/culturestrings.org/ssl/privkey.pem;
+    ssl_certificate           /home/webroot/culturestrings.org/ssl/fullchain.pem;
+    ssl_certificate_key       /home/webroot/culturestrings.org/ssl/privkey.pem;
+    ssl_trusted_certificate   /home/webroot/culturestrings.org/ssl/chain.pem;
 
     include conf.d/ssl_params;
 }
diff --git a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf
index d9178ad..1a4a9bb 100644
--- a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf
+++ b/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf
@@ -26,8 +26,8 @@ server {
         ssi               on;
     }
 
-    ssl_certificate       /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.pem;
-    ssl_certificate_key   /etc/nginx/certs.d/culturestrings.org/ssl/gandi/midipix.org.key;
+    ssl_certificate       /home/webroot/midipix.org/ssl/gandi/midipix.org.pem;
+    ssl_certificate_key   /home/webroot/midipix.org/ssl/gandi/midipix.org.key;
 
     include conf.d/ssl_params;
 }
author	root@culturestrings <root@culturestrings>	2020-05-25 02:35:07 +0000
committer	root@culturestrings <root@culturestrings>	2020-05-25 03:21:11 +0000
commit	41c9d20b75e76e94474ea9136ccf5b9e17e58013 (patch)
tree	4a24899557298486dee045d2da539cc463ec2b1a
parent	4872adf01ef434957976bd88cce6ec683a10145e (diff)
download	culturestrings-41c9d20b75e76e94474ea9136ccf5b9e17e58013.tar.bz2 culturestrings-41c9d20b75e76e94474ea9136ccf5b9e17e58013.tar.xz