dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/nginx: remove unnecessary acme locations to allow double proxied setups

Browse Source
This commit is contained in:
oddlama 2023-07-27 13:35:23 +02:00
parent 7ce0abe77d
commit cbdaab0f17
No known key found for this signature in database
GPG Key ID: 14EFE510775FE39A
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -362,7 +362,9 @@ let
redirectListen = filter (x: !x.ssl) defaultListen; redirectListen = filter (x: !x.ssl) defaultListen;
acmeLocation = optionalString (vhost.enableACME || vhost.useACMEHost != null) '' # The acme-challenge location doesn't need to be added if we are not using any automated
# certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) ''
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
# We use ^~ here, so that we don't check any regexes (which could # We use ^~ here, so that we don't check any regexes (which could
# otherwise easily override this intended match accidentally). # otherwise easily override this intended match accidentally).