[SAC] [OSGeo] #2428: Pages on staging.grass.osgeo.org without https

Sun Mar 22 15:50:28 PDT 2020

#2428: Pages on staging.grass.osgeo.org without https
---------------------------+------------------------
 Reporter:  neteler        |       Owner:  sac@…
     Type:  defect         |      Status:  new
 Priority:  normal         |   Milestone:  Unplanned
Component:  Systems Admin  |  Resolution:
 Keywords:                 |
---------------------------+------------------------

Comment (by robe):

 For future reference commit

 https://git.osgeo.org/gitea/sac/osgeo7/commit/495143e3ff441347f0d56a4b46d15a001faea9c6

 {{{
 diff --git a/etc/nginx/sites-available/grass.osgeo.org b/etc/nginx/sites-
 available/grass.osgeo.org
 index 31fd76d..03d3b83 100644
 --- a/etc/nginx/sites-available/grass.osgeo.org
 +++ b/etc/nginx/sites-available/grass.osgeo.org
 @@ -1,7 +1,6 @@
  server {
      server_name  staging.grass.osgeo.org;
      server_name  grass.osgeo.org;
 -    listen 80 proxy_protocol; # managed by Certbot
      set_real_ip_from 140.211.15.0/24;
      real_ip_header proxy_protocol;

 @@ -18,10 +17,29 @@ server {
                  proxy_redirect off;
          }

 -    listen 443 ssl; # managed by Certbot
 +    listen 443 ssl proxy_protocol; # managed by Certbot
      ssl_certificate
 /etc/letsencrypt/live/staging.grass.osgeo.org/fullchain.pem; # managed by
 Certbot
      ssl_certificate_key
 /etc/letsencrypt/live/staging.grass.osgeo.org/privkey.pem; # managed by
 Certbot
      include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  }
 +server {
 +    if ($host = staging.grass.osgeo.org) {
 +        return 301 https://$host$request_uri;
 +    } # managed by Certbot
 +
 +    if ($host = grass.osgeo.org) {
 +        return 301 https://$host$request_uri;
 +    } # managed by Certbot
 +
 +
 +
 +    server_name  staging.grass.osgeo.org;
 +    server_name grass.osgeo.org;
 +    listen 80 proxy_protocol;
 +    return 404; # managed by Certbot
 +
 +
 +}
 +
 }}}

 then did

 {{{
 nginx -t #verify config has no typos
 systemctl reload nginx
 }}}

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2428#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.