Enable SSL using certificate from Let's Encrypt

2016-11-04 19:51:44 +01:00 · 2016-11-04 19:51:44 +01:00 · d5e3ca60af
parent a0b37487e9
commit d5e3ca60af
3 changed files with 21 additions and 2 deletions
--- a/.infra/Frey-state-terraform.tfstate
+++ b/.infra/Frey-state-terraform.tfstate
@ -1,7 +1,7 @@
 {
    "version": 3,
    "terraform_version": "0.7.3",
-    "serial": 30,
+    "serial": 31,
    "lineage": "deedcad1-a3e9-4e02-9135-c347bbbe0be0",
    "modules": [
        {
@ -128,7 +128,7 @@
                            "description": "Infra tusd",
                            "egress.#": "0",
                            "id": "sg-60cc290d",
-                            "ingress.#": "3",
+                            "ingress.#": "4",
                            "ingress.2214680975.cidr_blocks.#": "1",
                            "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0",
                            "ingress.2214680975.from_port": "80",
@ -143,6 +143,13 @@
                            "ingress.2541437006.security_groups.#": "0",
                            "ingress.2541437006.self": "false",
                            "ingress.2541437006.to_port": "22",
+                            "ingress.2617001939.cidr_blocks.#": "1",
+                            "ingress.2617001939.cidr_blocks.0": "0.0.0.0/0",
+                            "ingress.2617001939.from_port": "443",
+                            "ingress.2617001939.protocol": "tcp",
+                            "ingress.2617001939.security_groups.#": "0",
+                            "ingress.2617001939.self": "false",
+                            "ingress.2617001939.to_port": "443",
                            "ingress.516175195.cidr_blocks.#": "1",
                            "ingress.516175195.cidr_blocks.0": "0.0.0.0/0",
                            "ingress.516175195.from_port": "8080",
--- a/.infra/Freyfile.hcl
+++ b/.infra/Freyfile.hcl
@ -87,6 +87,12 @@ infra resource aws_security_group "fw-tusd-main" {
    protocol    = "tcp"
    to_port     = 80
  }
+  ingress {
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port   = 443
+    protocol    = "tcp"
+    to_port     = 443
+  }
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 22
--- a/.infra/files/nginx.conf
+++ b/.infra/files/nginx.conf
@ -2,6 +2,12 @@ server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

+    listen 443 ssl;
+    listen [::]:443 ipv6only=on ssl;
+
+    ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
+
    server_name master.tus.io;

    # certbot will place the files required for the HTTP challenge in the