diff options
author | Domen Kožar <domen@dev.si> | 2016-10-21 13:17:39 +0200 |
---|---|---|
committer | Domen Kožar <domen@dev.si> | 2016-10-21 13:19:04 +0200 |
commit | d8f21b3ca3962c725eddc3d6513acaeca25c2e7f (patch) | |
tree | c918a04e4ce711dfcb64e1d8c0a8f1f60afb1694 | |
parent | cbec6a304a96908b35502c9e126b08968fc77ab2 (diff) | |
download | nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.tar nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.tar.gz nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.tar.bz2 nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.tar.lz nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.tar.xz nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.tar.zst nixlib-d8f21b3ca3962c725eddc3d6513acaeca25c2e7f.zip |
acme: provide full nginx example
(cherry picked from commit 2af7382f76a6523f1220637b3ec49ad25a02b040) Signed-off-by: Domen Kožar <domen@dev.si>
-rw-r--r-- | nixos/modules/security/acme.xml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 15ed4c04a23d..c8a2171eff75 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -74,9 +74,29 @@ options for the <literal>security.acme</literal> module.</para> </para> <programlisting> +security.acme.certs."foo.example.com" = { + webroot = "/var/www/challenges"; + email = "foo@example.com"; + user = "nginx"; + group = "nginx"; + postRun = "systemctl restart nginx.service"; +}; services.nginx.httpConfig = '' server { server_name foo.example.com; + listen [::]:80; + + location /.well-known/acme-challenge { + root /var/www/challenges; + } + + location / { + return 301 https://$host$request_uri; + } + } + + server { + server_name foo.example.com; listen 443 ssl; ssl_certificate ${config.security.acme.directory}/foo.example.com/fullchain.pem; ssl_certificate_key ${config.security.acme.directory}/foo.example.com/key.pem; |