From e7badfc6798493930c2c6a7413558b85218ec1ed Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Jan 22 2021 15:30:27 +0000
Subject: copr-be: experiment with ipv6/ipv4 x 80/443


This is according to lighttpd best practices?
https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config#Recommended-IPv6-setup

---

diff --git a/roles/copr/backend/templates/lighttpd/lighttpd.conf b/roles/copr/backend/templates/lighttpd/lighttpd.conf
index 945e0a1..17d32d8 100644
--- a/roles/copr/backend/templates/lighttpd/lighttpd.conf
+++ b/roles/copr/backend/templates/lighttpd/lighttpd.conf
@@ -103,12 +103,11 @@ cgi.assign = ( ".pl"  => "/usr/bin/perl",
 ##  Basic Configuration
 ## ---------------------
 ##
-server.port = 80
 
-##
-## Use IPv6?
-##
-server.use-ipv6 = "enable"
+# Per https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config#Recommended-IPv6-setup
+server.bind = "0.0.0.0"
+server.port = 80
+$SERVER["socket"] == "[::]:80" {  }
 
 ##
 ## bind to a specific IP
@@ -485,7 +484,9 @@ $HTTP["url"] =~ "^/.well-known/" {
 }
 
 # Enable HTTPS
-$SERVER["socket"] == "0.0.0.0:443" {
+{% for https_bind in ["0.0.0.0:443", "[::]:443"] %}
+# we need to have this twice: https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config#Recommended-IPv6-setup
+$SERVER["socket"] == "{{ https_bind }}" {
     ssl.engine              = "enable"
 {% for hostname, _ in letsencrypt.certificates.items()  %}
     ssl.ca-file             = "/etc/letsencrypt/live/{{ hostname }}/chain.pem"
@@ -499,8 +500,7 @@ $SERVER["socket"] == "0.0.0.0:443" {
     ssl.use-sslv3           = "disable"
 }
 {% endif %}
-
-$SERVER["socket"] == "0.0.0.0:80" {}
+{% endfor %}
 
 url.redirect               = ( "^/results/sgallagh/cockpit-preview/(.+)" => "/results/@cockpit/cockpit-preview/$1" )