authoroddlama <oddlama@oddlama.org>2023-07-27 13:35:23 +0200
committeroddlama <oddlama@oddlama.org>2023-07-27 15:30:38 +0200
commitcbdaab0f172114d15e489ca18e6f5c4f727115ab (patch)
tree048620e9194829eb27dad1fb178c30b0cf1039bb /nixos/modules/services/web-servers/nginx/default.nix
parent7ce0abe77d2ace6d6fc43ff7077019e62a77e741 (diff)
nixos/nginx: remove unnecessary acme locations to allow double proxied setups
Diffstat (limited to 'nixos/modules/services/web-servers/nginx/default.nix')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix4
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index e87159ba99c7..74a00f20b653 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -362,7 +362,9 @@ let
 
         redirectListen = filter (x: !x.ssl) defaultListen;
 
-        acmeLocation = optionalString (vhost.enableACME || vhost.useACMEHost != null) ''
+        # The acme-challenge location doesn't need to be added if we are not using any automated
+        # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
+        acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) ''
           # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
           # We use ^~ here, so that we don't check any regexes (which could
           # otherwise easily override this intended match accidentally).
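Review bot: The lookup `config.security.acme.certs.${vhost.useACMEHost}.dnsProvider` in the new `acmeLocation` condition aborts evaluation with a bare missing-attribute error if `useACMEHost` names a certificate that is not declared under `security.acme.certs`. Whether an assertion elsewhere in the module reports that case first is not visible in this hunk. If none does, guard the lookup with `config.security.acme.certs ? ${vhost.useACMEHost}` or add an assertion with a readable message, so that a typo in the host name is reported clearly. The `vhost.enableACME` branch still always emits the challenge location, even if that certificate is itself issued via DNS-01; if this is deliberate, the comment should say so, e.g. `# enableACME vhosts always keep the location; only useACMEHost certs are checked for DNS-01`. The `acmeLocation` string body continues past the end of the hunk.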