fix ssl cert for social.krebsco.de

lassulus 2023-12-12 19:12:20 +01:00
parent 25d035de77
commit 04f538164c
3 changed files with 6 additions and 19 deletions


@ -8,17 +8,9 @@
acmeFallbackHost = "hotdog.r";
locations."/" = {
# TODO use this in 22.11
# recommendedProxySettings = true;
proxyPass = "http://hotdog.r";
recommendedProxySettings = true;
proxyPass = "https://hotdog.r";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
};
};
};
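Review bot: The switch to `proxyPass = "https://hotdog.r";` encrypts the hop to the backend but does not authenticate it, because nginx leaves `proxy_ssl_verify` off by default and sends no SNI unless `proxy_ssl_server_name` is enabled. If the backend picks its vhost and certificate by name, this location should carry `extraConfig = "proxy_ssl_server_name on; proxy_ssl_name $host;";`. Where a trust anchor for the backend certificate exists, `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate` would make the hop authenticated. If leaving the upstream unverified is intentional (for example because the link is already an authenticated overlay network), a one-line comment saying so would stop a later reader from assuming otherwise.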


@ -19,18 +19,11 @@
smtp.fromAddress = "derp";
};
services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
forceSSL = lib.mkForce false;
enableACME = lib.mkForce false;
locations."@proxy".extraConfig = ''
proxy_redirect off;
proxy_pass_header Server;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
'';
};
security.acme.certs."social.krebsco.de".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
networking.firewall.allowedTCPPorts = [
80
443
];
environment.systemPackages = [
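Review bot: The `security.acme.certs."social.krebsco.de".server` line points at the Let's Encrypt staging directory, and staging certificates do not chain to a publicly trusted root. The rendering has lost the +/- markers, so this applies only if the line is on the new side, which the hunk counts suggest. In that case any client that reaches this host directly on the opened port 443 gets an untrusted certificate, and a verifying reverse proxy in front of it would reject the upstream. If staging is deliberate because only the fronting proxy ever sees this certificate, record that next to the line, e.g. `# staging CA on purpose: cert is only presented to the front proxy`.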


@ -526,6 +526,8 @@ in {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
# needed for acmeFallback in sync-containers, or other machines not reachable globally
locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
};
services.nginx.virtualHosts."bedge.r" = {
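Review bot: The location key `"~ ^/.well-known/acme-challenge/"` is a regex with an unescaped dot, so it matches any character in that position and is evaluated in regex order with the vhost's other regex locations. A prefix match expresses the intent exactly and stops regex evaluation: `locations."^~ /.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";`. If the regex form was chosen to avoid clashing with a location key that `enableACME` already defines on this vhost, escape the dot (`\\.` inside the Nix string) and say so in the comment. The enclosing virtualHost block starts outside the hunk, so I cannot see which other locations it defines.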