cd nginx: enable https
parent
533b62bed6
commit
69ead6d8cf
|
@ -44,20 +44,50 @@ with config.krebs.lib;
|
||||||
"cgit.cd.viljetic.de"
|
"cgit.cd.viljetic.de"
|
||||||
];
|
];
|
||||||
# TODO make public_html also available to cd, cd.retiolum (AKA default)
|
# TODO make public_html also available to cd, cd.retiolum (AKA default)
|
||||||
krebs.nginx.servers.public_html = {
|
krebs.nginx.servers."https://viljetic.de" = {
|
||||||
server-names = singleton "cd.viljetic.de";
|
|
||||||
locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
|
||||||
alias /home/$1/public_html$2;
|
|
||||||
'');
|
|
||||||
};
|
|
||||||
krebs.nginx.servers.viljetic = {
|
|
||||||
server-names = singleton "viljetic.de";
|
server-names = singleton "viljetic.de";
|
||||||
# TODO directly set root (instead via location)
|
listen = mkForce []; # disable default
|
||||||
locations = singleton (nameValuePair "/" ''
|
ssl = {
|
||||||
root ${pkgs.viljetic-pages};
|
enable = true;
|
||||||
'');
|
certificate = "/var/lib/acme/viljetic.de/fullchain.pem";
|
||||||
|
certificate_key = "/var/lib/acme/viljetic.de/key.pem";
|
||||||
|
};
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/" ''
|
||||||
|
root ${pkgs.viljetic-pages};
|
||||||
|
'')
|
||||||
|
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||||
|
alias /home/$1/public_html$2;
|
||||||
|
'')
|
||||||
|
];
|
||||||
};
|
};
|
||||||
tv.iptables.input-internet-accept-tcp = singleton "http";
|
krebs.nginx.servers."http://viljetic.de" = {
|
||||||
|
server-names = singleton "viljetic.de";
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/.well-known/acme-challenge/" ''
|
||||||
|
root /var/lib/acme/challenges/viljetic.de/;
|
||||||
|
'')
|
||||||
|
(nameValuePair "/" ''
|
||||||
|
return 301 https://viljetic.de$request_uri;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
security.acme = {
|
||||||
|
certs."viljetic.de" = {
|
||||||
|
email = "tomislav@viljetic.de";
|
||||||
|
webroot = "/var/lib/acme/challenges/viljetic.de";
|
||||||
|
plugins = [
|
||||||
|
"account_key.json"
|
||||||
|
"key.pem"
|
||||||
|
"fullchain.pem"
|
||||||
|
];
|
||||||
|
user = "nginx";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
tv.iptables.input-internet-accept-tcp = [
|
||||||
|
"http"
|
||||||
|
"https"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
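Review bot: The `security.acme` block sets `user = "nginx";`, so `key.pem` and `account_key.json` are owned by the same account that serves `alias /home/$1/public_html$2;` on the new HTTPS server, assuming the nginx workers run as that user (the krebs.nginx module is not visible here). nginx follows symlinks by default, so anything the nginx user can read, the TLS key included, is exposed to whatever links exist inside user-controlled public_html trees. I would add `disable_symlinks if_not_owner;` next to the `alias` line in the `~ ^/~(.+?)(/.*)?\$` location, and keep the key owned by root with group read for nginx if the module loads certificates before dropping privileges. Narrowing the first capture to `([^/]+)` would also make it explicit that `$1` is a single path segment.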