From: Michael Brown <supermathie@gmail.com>
Date: Thu, 26 Nov 2020 04:51:48 +0000 (-0500)
Subject: Handle the case where IPv6 is also used (#480)
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=c230d78ffe4828c86ff547fd959c2b83a61cc304;p=discourse_docker.git

Handle the case where IPv6 is also used (#480)

* We want web.ssl.template.yml to handle the IPv6 case as well
---

diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
index 4b3a02d..cefd1aa 100644
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -12,11 +12,24 @@ run:
        }
        server {
   - replace:
-     hook: ssl
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /listen 80;\s+gzip on;/m
      to: |
        listen 443 ssl http2;
+       SSL_TEMPLATE_SSL_BLOCK
+  - replace:
+     filename: "/etc/nginx/conf.d/discourse.conf"
+     from: /listen 80;\s+listen \[::\]:80;\s+gzip on;/m
+     to: |
+       listen 443 ssl http2;
+       listen [::]:443 ssl http2;
+       SSL_TEMPLATE_SSL_BLOCK
+  - replace:
+     hook: ssl
+     filename: "/etc/nginx/conf.d/discourse.conf"
+     from: /SSL_TEMPLATE_SSL_BLOCK/
+     to: |
+
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;