X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/2c43a39d8b64cbc09f4c5a56f519bbf5462ca9c6..d02429561da1d3ad2b5bbe0ac1108e8fc7774922:/cookbooks/imagery/templates/default/nginx_imagery.conf.erb

diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index 94b570768..405949e24 100644
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -1,6 +1,19 @@
 server {
     listen [::]:80;
-    server_name  <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
+    listen *:80;
+    server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
+
+    rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen [::]:443 ssl;
+    listen *:443 ssl;
+    server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
+
+    ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
+    ssl_certificate_key /etc/ssl/private/<%= @name %>.key;
 
     root "/srv/<%= @name %>";