@etec-masterofsynapse

Existing solutions

Side comment from me on this: the .well-known allow can also be in the HTTPS section since the ACME LE server can follow the 301 HTTP redirect to the HTTPS target. And the cert is "always" still valid when the challenge happens, so the connection can happen without problems. [Answer to the last bullet point of https://github.com//pull/52#issuecomment-504139732]

New solutions

  • Refresh the ssl.conf and split it into -intermediate and -modern for the admin to decide which one to use
  • Include the certbot-managed ssl configs and dhparams since those should suffice as a baseline and are fairly current "all the time"
  • Comment out the try_files fastcgi line by default, since all newer nginx configs contain this statement in their snippet config. The line is still there, if it shouldn't be. (The reason being that nginx, if the user overlooks this line, fails the sanity check and restart with a "duplicate line" error.)
  • "Upgrade" php-fpm from 7.2 to 8.1 since some time has passed
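
A sketch of how the changes listed in the comment above fit together in one vhost, added here as an illustration and not taken from the pull request itself. The host name, document root and PHP socket path are assumptions, and the two /etc/letsencrypt files exist only where certbot's nginx plugin has been installed.

```nginx
# Constructed example; app.example.com, /var/www/app and the socket path are assumptions.
server {
    listen 80;
    listen [::]:80;
    server_name app.example.com;
    # Everything, ACME challenges included, is redirected; the validation
    # server follows the 301 to the HTTPS vhost below.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name app.example.com;
    root /var/www/app;
    index index.php;

    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    # certbot-managed TLS baseline (protocols, ciphers, session settings) and DH parameters
    include     /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # ^~ stops regex matching, so the dotfile deny below never applies here.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type text/plain;
    }

    location ~ /\. {
        deny all;
    }

    location ~ ^/index\.php(/|$) {
        # Debian/Ubuntu snippet; it already contains
        # "try_files $fastcgi_script_name =404;".
        include snippets/fastcgi-php.conf;
        # A second try_files in this block makes "nginx -t" fail with a
        # duplicate-directive error, so it stays commented out.
        # try_files $fastcgi_script_name =404;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }
}
```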

@Findus23
Collaborator

Many thanks for this great summary and the PR.
I have little time at the moment to look into it, but it should be better in a few weeks. If I haven't responded by then please ping me.

@etec-masterofsynapse
Author

> Many thanks for this great summary and the PR. I have little time at the moment to look into it, but it should be better in a few weeks. If I haven't responded by then please ping me.

Will do.

@etec-masterofsynapse
Author

> Many thanks for this great summary and the PR. I have little time at the moment to look into it, but it should be better in a few weeks. If I haven't responded by then please ping me.

@Findus23 It has been a few weeks, here is the requested ping.

@etec-masterofsynapse
Author

@Findus23 I am pinging you once again since another month has gone by and I haven't heard from you.

@Findus23
Collaborator

The good news is that this is still on my todo-list, the bad news is that I am still traveling and it will still be a bit until I have enough time at once to go over all of this.
