Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli@curii.com>
--- /dev/null
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+aws_credentials:
+ region: __LE_AWS_REGION__
+ access_key_id: __LE_AWS_ACCESS_KEY_ID__
+ secret_access_key: __LE_AWS_SECRET_ACCESS_KEY__
--- /dev/null
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+### LETSENCRYPT
+letsencrypt:
+ use_package: true
+ pkgs:
+ - certbot: latest
+ - python3-certbot-nginx
+ config:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: __INITIAL_USER_EMAIL__
+ authenticator: nginx
+ agree-tos: true
+ keep-until-expiring: true
+ expand: true
+ max-log-backups: 0
+ deploy-hook: systemctl reload nginx
+
+ domainsets:
+ __HOSTNAME_EXT__:
+ - __HOSTNAME_EXT__
- server:
- server_name: _
- listen:
- - 80 default_server
+ - 80
- location /.well-known:
- root: /var/www
- location /:
### SITES
servers:
managed:
- # Remove default webserver
+ # Update default config to redirect to https
default:
- enabled: false
+ enabled: true
+ overwrite: true
+ config:
+ - server:
+ - server_name: _
+ - listen:
+ - 80 default_server
+ - location /.well-known:
+ - root: /var/www
+ - location /:
+ - return: '301 https://$host$request_uri'