From bf8119a027a680c3f05714cbd2d38ed5c365f496 Mon Sep 17 00:00:00 2001
From: Collin J. Doering
Date: Fri, 31 May 2024 10:19:07 -0400
Subject: balg02: Re-enable https (that was disabled in 4230616)

- https was initially disabled as nginx failed to start due to a missing certificate
- Worth noting that dhparam's were manually generated on balg02
---
 .guix/guix-na/config/balg02.scm | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
index 7945465..371f514 100644
--- a/.guix/guix-na/config/balg02.scm
+++ b/.guix/guix-na/config/balg02.scm
@@ -225,7 +225,6 @@ PUBLISH-URL."
    "ssl_ciphers         HIGH:!aNULL:!MD5;"
    "ssl_prefer_server_ciphers on;"
 
-   ;; TODO: these need to be generated
    ;; Use our own DH parameters created with:
    ;;    openssl dhparam -out dhparams.pem 2048
    ;; as suggested at <https://weakdh.org/sysadmin.html>.
@@ -306,24 +305,25 @@ synonymous IETF language tags that should be mapped to the same $lang."
       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;")))
 
    ;; HTTPS servers
-   ;; (nginx-server-configuration
-   ;;  (listen '("443 ssl"))
-   ;;  (server-name '("cuirass.genenetwork.org"))
-   ;;  (ssl-certificate (le "cuirass.genenetwork.org"))
-   ;;  (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
-   ;;  (locations (balg02-locations %publish-url))
-   ;;  (raw-content
-   ;;   (append
-   ;;    %tls-settings
-   ;;    (list
-   ;;     "access_log  /var/run/nginx/https.access.log;"
-   ;;     "proxy_set_header X-Forwarded-Host $host;"
-   ;;     "proxy_set_header X-Forwarded-Port $server_port;"
-   ;;     "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
-   ;;     ;; For Cuirass admin interface authentication
-   ;;     "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
-   ;;     "ssl_verify_client optional;"))))
-   ))
+   (nginx-server-configuration
+    (listen '("443 ssl"))
+    (server-name '("cuirass.genenetwork.org"))
+    (ssl-certificate (le "cuirass.genenetwork.org"))
+    (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
+    (locations (balg02-locations %publish-url))
+    (raw-content
+     (append
+      %tls-settings
+      (list
+       "access_log  /var/run/nginx/https.access.log;"
+       "proxy_set_header X-Forwarded-Host $host;"
+       "proxy_set_header X-Forwarded-Port $server_port;"
+       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
+       ;; TODO:
+       ;; For Cuirass admin interface authentication
+       ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+       ;; "ssl_verify_client optional;"
+       ))))))
 
 (define %extra-content
   (list
-- 
cgit v1.2.3