From: Sarah Hoffmann <lonvia@denofr.de>
Date: Fri, 24 Apr 2020 22:06:19 +0000 (+0200)
Subject: nominatim: reintroduce https forwarding
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/45d560c26e7b69e73d8e5fa56eeb504000823a40

nominatim: reintroduce https forwarding
---

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 04db58a2a..ef0a2fdc8 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -55,12 +55,29 @@ limit_req_zone $limit_www zone=www:50m rate=2r/s;
 limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s;
 limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m;
 
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+
+  location /nginx_status {
+        stub_status on;
+        access_log   off;
+        allow 127.0.0.1;
+        allow ::1;
+        deny all;
+    }
+
+   rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+
+   location / {
+       return 301 https://$host$request_uri;
+   }
+}
+
 server {
     # IPv4
-    listen       80 deferred backlog=16384 reuseport fastopen=2048 default_server;
     listen       443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
     # IPv6
-    listen       [::]:80 deferred backlog=16384 reuseport fastopen=2048 default_server;
     listen       [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
     server_name  localhost;