moritz/clan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: nginx and acme config

Browse source
This commit is contained in:
Moritz Böhme 2025-05-14 15:25:46 +02:00
parent dad5fb17ec
commit d2ace8d73a
No known key found for this signature in database
GPG key ID: 970C6E89EB0547A9
1 changed files with 41 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

50
machines/moritz-server/reverse-proxy.nix
View file

@ -1,4 +1,4 @@
{ {config, ...}: {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
bantime-increment.enable = true; bantime-increment.enable = true;
@ -49,9 +49,10 @@
''; '';
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 1443 443];
services.nginx = { services.nginx = {
enable = true; enable = true;
logError = "stderr info";
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"moritzboeh.me" = { "moritzboeh.me" = {
@ -61,8 +62,20 @@
}; };
}; };
"moritz.foo" = { "moritz.foo" = {
forceSSL = true;
useACMEHost = "moritz.foo";
locations."/" = { locations."/" = {
return = "200 'Hello World!'"; return = "301 https://www.moritz.foo";
};
};
"www.moritz.foo" = {
forceSSL = true;
useACMEHost = "any.moritz.foo";
locations."/" = {
extraConfig = ''
add_header Content-Type text/html;
'';
return = "200 '<html><body>Hello World</body></html>'";
}; };
}; };
}; };
@ -76,18 +89,37 @@
} }
map $ssl_preread_server_name $name { map $ssl_preread_server_name $name {
*.moritz.foo self; hostnames;
moritz.foo self; .moritz.foo self;
*.moritzboeh.me diskstation; .moritzboeh.me diskstation;
moritzboeh.me diskstation;
default diskstation;
} }
server { server {
listen 443; listen 1443;
ssl_preread on; ssl_preread on;
proxy_pass $name; proxy_pass $name;
} }
''; '';
}; };
security.acme = {
acceptTerms = true;
defaults.email = "acme@moritzboeh.me";
defaults.dnsResolver = "1.1.1.1:53";
certs."moritz.foo" = {
dnsProvider = "cloudflare";
group = "nginx";
environmentFile = config.clan.core.vars.generators.acme.files.vars.path;
};
certs."any.moritz.foo" = {
domain = "*.moritz.foo";
dnsProvider = "cloudflare";
group = "nginx";
environmentFile = config.clan.core.vars.generators.acme.files.vars.path;
};
};
clan.core.vars.generators.acme.prompts.vars = {
persist = true;
type = "multiline";
};
} }