From cbb8595380a83fa99ea0932eed4e04c1753b29d0 Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@bacchus.cloud>
Date: Fri, 8 Jan 2021 22:02:22 -0700
Subject: [PATCH] refactor(NGINX): auto-load certificates

- use container-bound certificates by default
- do not use separate certificate loading include
---
 build/config/ssl-config/mozIntermediate_ssl.conf.disabled | 4 +++-
 build/config/ssl-config/mozModern_ssl.conf.disabled       | 4 +++-
 build/config/ssl_certs.conf                               | 3 ---
 build/sites/05-secured.conf.disabled                      | 3 ---
 4 files changed, 6 insertions(+), 8 deletions(-)
 delete mode 100644 build/config/ssl_certs.conf

diff --git a/build/config/ssl-config/mozIntermediate_ssl.conf.disabled b/build/config/ssl-config/mozIntermediate_ssl.conf.disabled
index e07bae9..37318e0 100644
--- a/build/config/ssl-config/mozIntermediate_ssl.conf.disabled
+++ b/build/config/ssl-config/mozIntermediate_ssl.conf.disabled
@@ -4,7 +4,9 @@
 # Generated: January 5, 2021
 #
 
-# SSL certificates should be defined in the relevant server block
+# SSL certificate and key location
+ssl_certificate         /certs/fullchain.pem;
+ssl_certificate_key     /certs/privkey.pem;
 
 # SSL parameters
 ssl_session_timeout 1d;
diff --git a/build/config/ssl-config/mozModern_ssl.conf.disabled b/build/config/ssl-config/mozModern_ssl.conf.disabled
index 5e820b7..31c5195 100644
--- a/build/config/ssl-config/mozModern_ssl.conf.disabled
+++ b/build/config/ssl-config/mozModern_ssl.conf.disabled
@@ -4,7 +4,9 @@
 # Generated: January 5, 2021
 #
 
-# SSL certificates should be defined in the relevant server block
+# SSL certificate and key location
+ssl_certificate         /certs/fullchain.pem;
+ssl_certificate_key     /certs/privkey.pem;
 
 # SSL parameters
 ssl_session_timeout 1d;
diff --git a/build/config/ssl_certs.conf b/build/config/ssl_certs.conf
deleted file mode 100644
index 2f65086..0000000
--- a/build/config/ssl_certs.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# SSL certificate for this connection
-ssl_certificate         /certs/fullchain.pem;
-ssl_certificate_key     /certs/privkey.pem;
diff --git a/build/sites/05-secured.conf.disabled b/build/sites/05-secured.conf.disabled
index 5e73166..f1f0e8c 100644
--- a/build/sites/05-secured.conf.disabled
+++ b/build/sites/05-secured.conf.disabled
@@ -30,9 +30,6 @@ server {
     listen 443 ssl http2;
     include /etc/nginx/server_names.conf;
 
-    # ssl certificates
-    include /etc/nginx/ssl_certs.conf;
-
     location / {
         try_files $uri $uri/ =404;
     }