fix ssl cert for social.krebsco.de
This commit is contained in:
parent
25d035de77
commit
04f538164c
@ -8,17 +8,9 @@
|
|||||||
acmeFallbackHost = "hotdog.r";
|
acmeFallbackHost = "hotdog.r";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
# TODO use this in 22.11
|
# TODO use this in 22.11
|
||||||
# recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
proxyPass = "http://hotdog.r";
|
proxyPass = "https://hotdog.r";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -19,18 +19,11 @@
|
|||||||
smtp.fromAddress = "derp";
|
smtp.fromAddress = "derp";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
|
security.acme.certs."social.krebsco.de".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
forceSSL = lib.mkForce false;
|
|
||||||
enableACME = lib.mkForce false;
|
|
||||||
locations."@proxy".extraConfig = ''
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_pass_header Server;
|
|
||||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
80
|
80
|
||||||
|
443
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
@ -526,6 +526,8 @@ in {
|
|||||||
add_header 'Access-Control-Allow-Origin' '*';
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
'';
|
'';
|
||||||
|
# needed for acmeFallback in sync-containers, or other machines not reachable globally
|
||||||
|
locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."bedge.r" = {
|
services.nginx.virtualHosts."bedge.r" = {
|
||||||
|
Loading…
Reference in New Issue
Block a user