Ryan Lane has uploaded a new change for review.
https://gerrit.wikimedia.org/r/90738
Change subject: localssl: listen on both ipv6 and ipv4 sockets
......................................................................
localssl: listen on both ipv6 and ipv4 sockets
If nginx only listens on ipv6 sockets, then it will also accept
IPv4 traffic, but will use a mapped address format. This breaks
bits geoip lookups, since they only handle ipv4 addresses.
Change-Id: I773a5ad28d4d194be92cff794c275a7d9514f939
---
M modules/protoproxy/templates/localssl.erb
1 file changed, 2 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/38/90738/1
diff --git a/modules/protoproxy/templates/localssl.erb
b/modules/protoproxy/templates/localssl.erb
index 55f99ff..96ca83a 100644
--- a/modules/protoproxy/templates/localssl.erb
+++ b/modules/protoproxy/templates/localssl.erb
@@ -3,7 +3,8 @@
# SSL proxying
server {
- listen [::]:443 ssl;
+ listen [::]:443 ssl ipv6only=on;
+ listen 443 ssl;
ssl on;
server_name <%= @fqdn %>;
--
To view, visit https://gerrit.wikimedia.org/r/90738
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I773a5ad28d4d194be92cff794c275a7d9514f939
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ryan Lane <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
