nominatim: reintroduce https forwarding

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 04db58a2a38432591315f6731926876953031459..ef0a2fdc8a215a0ea1f23df0e219c813116677f4 100644 (file)
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -55,12 +55,29 @@ limit_req_zone $limit_www zone=www:50m rate=2r/s;
 limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s;
 limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m;
 
 limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s;
 limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m;
 

+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+
+  location /nginx_status {
+        stub_status on;
+        access_log   off;
+        allow 127.0.0.1;
+        allow ::1;
+        deny all;
+    }
+
+   rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+
+   location / {
+       return 301 https://$host$request_uri;
+   }
+}
+

 server {
     # IPv4
 server {
     # IPv4

-    listen       80 deferred backlog=16384 reuseport fastopen=2048 default_server;

     listen       443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
     # IPv6
     listen       443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
     # IPv6

-    listen       [::]:80 deferred backlog=16384 reuseport fastopen=2048 default_server;

     listen       [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
     server_name  localhost;
 
     listen       [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
     server_name  localhost;