diff options
| author | Irene Knapp <ireneista@internetsafetylabs.org> | 2025-10-20 20:30:57 -0700 |
|---|---|---|
| committer | Irene Knapp <ireneista@internetsafetylabs.org> | 2025-10-20 20:32:14 -0700 |
| commit | cedd0fee03e9ea896a7420dc79dcd51701320551 (patch) | |
| tree | 31e9e590218dd1574e734592f159fae0e1bdff4d /services/frontend | |
| parent | 7987c3d069ea6c2adb3c06d4bada0cef1121948b (diff) | |
haproxy needs to listen on IPv6
this came up during the server migration - the ACME cert failed because it was only listening on IPv4, and the new machine also does IPv6 Force-Push: it's been a long ops day and I just want this fully squared away, sorry Change-Id: Ic0a721c78059427dd38b99ff41d3e1c0566ac1cb
Diffstat (limited to 'services/frontend')
| -rw-r--r-- | services/frontend/haproxy.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/services/frontend/haproxy.nix b/services/frontend/haproxy.nix index c39fc04..8bef462 100644 --- a/services/frontend/haproxy.nix +++ b/services/frontend/haproxy.nix @@ -166,6 +166,11 @@ in (map (name: "crt " + name + "/full.pem") [ config.smalltech.domain ])) + ("bind ipv6@:443 ssl alpn h2,http/1.2 " + + builtins.concatStringsSep " " + (map (name: "crt " + name + "/full.pem") [ + config.smalltech.domain + ])) # Since this traffic is on the HTTPS port, we override the default # TCP mode. |