diff --git a/.infra/Frey-state-terraform.tfstate b/.infra/Frey-state-terraform.tfstate
index 3a9376b..d97a0d8 100644
--- a/.infra/Frey-state-terraform.tfstate
+++ b/.infra/Frey-state-terraform.tfstate
@@ -1,7 +1,7 @@ { "version": 3, "terraform_version": "0.7.3", - "serial": 30, + "serial": 31, "lineage": "deedcad1-a3e9-4e02-9135-c347bbbe0be0", "modules": [ {
@@ -128,7 +128,7 @@ "description": "Infra tusd", "egress.#": "0", "id": "sg-60cc290d", - "ingress.#": "3", + "ingress.#": "4", "ingress.2214680975.cidr_blocks.#": "1", "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0", "ingress.2214680975.from_port": "80",
@@ -143,6 +143,13 @@ "ingress.2541437006.security_groups.#": "0", "ingress.2541437006.self": "false", "ingress.2541437006.to_port": "22", + "ingress.2617001939.cidr_blocks.#": "1", + "ingress.2617001939.cidr_blocks.0": "0.0.0.0/0", + "ingress.2617001939.from_port": "443", + "ingress.2617001939.protocol": "tcp", + "ingress.2617001939.security_groups.#": "0", + "ingress.2617001939.self": "false", + "ingress.2617001939.to_port": "443", "ingress.516175195.cidr_blocks.#": "1", "ingress.516175195.cidr_blocks.0": "0.0.0.0/0", "ingress.516175195.from_port": "8080",
diff --git a/.infra/Freyfile.hcl b/.infra/Freyfile.hcl
index 0658e0e..a8df4d6 100644
--- a/.infra/Freyfile.hcl
+++ b/.infra/Freyfile.hcl
@@ -87,6 +87,12 @@ infra resource aws_security_group "fw-tusd-main" {
 protocol = "tcp"
 to_port = 80
 }
+ ingress {
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 443
+ protocol = "tcp"
+ to_port = 443
+ }
 ingress {
 cidr_blocks = ["0.0.0.0/0"]
 from_port = 22
diff --git a/.infra/files/nginx.conf b/.infra/files/nginx.conf
index d9aaf7f..36aaa0d 100644
--- a/.infra/files/nginx.conf
+++ b/.infra/files/nginx.conf
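Review bot: The new 443 rule in `.infra/Freyfile.hcl` is added next to a port 22 rule that is also open to `0.0.0.0/0`, and the state file in this commit records a further rule on the same group starting at port 8080 from `0.0.0.0/0`. If 8080 is the backend that nginx now fronts (inferred, not shown here), it stays reachable from anywhere without TLS, which undercuts the HTTPS listener; consider dropping that ingress block once clients use 443. For SSH, a narrower source such as `cidr_blocks = ["<ADMIN_CIDR>"]` (placeholder) would reduce exposure. The resource block starts and ends outside the hunk, so other rules may already address this.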
@@ -2,6 +2,12 @@ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; + listen 443 ssl; + listen [::]:443 ipv6only=on ssl; + + ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem; + server_name master.tus.io; # certbot will place the files required for the HTTP challenge in the
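Review bot: The two new `listen … ssl` lines in `.infra/files/nginx.conf` enable TLS with only the certificate and key paths, so protocol and cipher selection fall back to the installed nginx build's defaults, which on older builds can still admit legacy TLS versions. I would pin this next to the certificate lines, e.g. `ssl_protocols TLSv1.2;` and `ssl_prefer_server_ciphers on;`. The same server block still answers on port 80, and nothing visible redirects those requests to HTTPS. The block continues beyond this hunk, so a redirect may exist further down; if not, everything other than the ACME challenge path remains available over plaintext.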