From a420e37612a8696f0b91eef4c51ce1589e589265 Mon Sep 17 00:00:00 2001
From: missytake
Date: Mon, 13 Nov 2023 19:05:38 +0100
Subject: [PATCH] MTA-STS: the HTTPS route needs to be mta-sts.@ not _mta-sts
---
 .../src/deploy_chatmail/nginx/nginx.conf.j2 | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/deploy-chatmail/src/deploy_chatmail/nginx/nginx.conf.j2 b/deploy-chatmail/src/deploy_chatmail/nginx/nginx.conf.j2
index 7484d339..186e2642 100644
--- a/deploy-chatmail/src/deploy_chatmail/nginx/nginx.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/nginx/nginx.conf.j2
@@ -20,8 +20,6 @@ http {
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 
- ssl_certificate /var/lib/acme/live/{{ config.domain_name }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ config.domain_name }}/privkey;
 
 gzip on;
 
@@ -30,6 +28,8 @@ http {
 listen [::]:80 default_server;
 listen 443 ssl default_server;
 listen [::]:443 ssl default_server;
+ ssl_certificate /var/lib/acme/live/{{ config.domain_name }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ config.domain_name }}/privkey;
 
 root /var/www/html;
 
@@ -37,6 +37,28 @@ http {
 
 server_name _;
 
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+ }
+ server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ root /var/www/html;
+
+ index index.html index.htm;
+
+ server_name mta-sts.{{ config.domain_name }};
+
+ ssl_certificate /var/lib/acme/live/mta-sts.{{ config.domain_name }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/mta-sts.{{ config.domain_name }}/privkey;
+
+
 location / {
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
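Review bot: The new `server_name mta-sts.{{ config.domain_name }};` block in the third hunk publishes the whole of `/var/www/html` on ports 80 and 443, although this host only needs to publish the policy file that RFC 8461 has senders fetch over HTTPS from `/.well-known/mta-sts.txt`. I would narrow it to `location = /.well-known/mta-sts.txt { try_files $uri =404; }` plus `location / { return 404; }`, and keep `listen 80;` / `listen [::]:80;` only if the ACME client needs HTTP-01 validation for this name, which is not visible here. The block also inherits `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` from the `http` context shown in the first hunk; TLS 1.0 and 1.1 are deprecated by RFC 8996, so `ssl_protocols TLSv1.2 TLSv1.3;` fits a host whose purpose is to enforce transport security. Because nginx refuses to load a configuration whose certificate files are missing, it is worth confirming that the certificate under `/var/lib/acme/live/mta-sts.{{ config.domain_name }}/` is issued before this template is deployed. The trailing `location / {` and the closing brace of the new server block lie outside the hunk.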