* We want web.ssl.template.yml to handle the IPv6 case as well
}
server {
- replace:
- hook: ssl
filename: "/etc/nginx/conf.d/discourse.conf"
from: /listen 80;\s+gzip on;/m
to: |
listen 443 ssl http2;
+ SSL_TEMPLATE_SSL_BLOCK
+ - replace:
+ filename: "/etc/nginx/conf.d/discourse.conf"
+ from: /listen 80;\s+listen \[::\]:80;\s+gzip on;/m
+ to: |
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ SSL_TEMPLATE_SSL_BLOCK
+ - replace:
+ hook: ssl
+ filename: "/etc/nginx/conf.d/discourse.conf"
+ from: /SSL_TEMPLATE_SSL_BLOCK/
+ to: |
+
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
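Review bot: Nothing in this hunk guarantees that one of the two `listen` replaces actually matched, so if discourse.conf has neither shape (for example, another directive between `listen 80;` and `gzip on;`), `SSL_TEMPLATE_SSL_BLOCK` is never inserted and the `hook: ssl` replace has nothing to expand. Whether an unmatched `from:` pattern is reported is not visible here, so this could leave the site on plain port 80 without an error; a bootstrap-time check that the rendered file contains `listen 443 ssl` and no leftover `SSL_TEMPLATE_SSL_BLOCK` would make that failure loud. Moving `hook: ssl` from the first replace to the placeholder replace also changes what other templates see when they attach before or after the `ssl` hook, since the listen lines are already rewritten by then, which is worth confirming against the templates that use it. A comment above the first replace, such as `# exactly one of the next two replaces matches (IPv4-only vs dual-stack); the ssl-hooked replace then expands SSL_TEMPLATE_SSL_BLOCK`, would document the two-step design.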