nginx module: Add acmeFallbackHost vhost option

Franz Pletz 2016-02-17 04:01:50 +01:00 committed by Robin Gloster
parent 811f243ce6
commit 4e5c7913e9
2 changed files with 20 additions and 2 deletions


@ -78,6 +78,15 @@ let
ssl = vhost.enableSSL || vhost.forceSSL;
port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
listenString = toString port + optionalString ssl " ssl spdy";
acmeLocation = optionalString vhost.enableACME ''
location /.well-known/acme-challenge {
try_files $uri @acme-fallback;
root ${vhost.acmeRoot};
}
location @acme-fallback {
proxy_pass http://${vhost.acmeFallbackHost};
}
'';
in ''
${optionalString vhost.forceSSL ''
server {
@ -85,7 +94,7 @@ let
listen [::]:80;
server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
${optionalString vhost.enableACME "location /.well-known/acme-challenge { root ${vhost.acmeRoot}; }"}
${acmeLocation}
location / {
return 301 https://$host${optionalString (port != 443) ":${port}"}$request_uri;
}
@ -97,7 +106,7 @@ let
listen [::]:${listenString};
server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
${optionalString vhost.enableACME "location /.well-known/acme-challenge { root ${vhost.acmeRoot}; }"}
${acmeLocation}
${optionalString (vhost.root != null) "root ${vhost.root};"}
${optionalString (vhost.globalRedirect != null) ''
return 301 https://${vhost.globalRedirect}$request_uri;
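Review bot: The `@acme-fallback` location in the first hunk is generated for every vhost with `enableACME`, and since `acmeFallbackHost` defaults to `"0.0.0.0"` a challenge path that is missing on disk is proxied to `http://0.0.0.0` even when nobody configured a fallback. On Linux that address usually reaches the local machine, so the request may re-enter this nginx or end as a 502 where a plain 404 was returned before. I would make the option `types.nullOr types.str` with `default = null` (the option hunk in the second file) and emit `try_files` and the named location only when it is set, as sketched below. The enclosing `let` starts before the hunk, so how `vhost` is built is not visible here.

```nix
acmeLocation = optionalString vhost.enableACME ''
  location /.well-known/acme-challenge {
    ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
    root ${vhost.acmeRoot};
  }
  ${optionalString (vhost.acmeFallbackHost != null) ''
    location @acme-fallback {
      proxy_pass http://${vhost.acmeFallbackHost};
    }
  ''}
'';
# … unchanged: the two ${acmeLocation} uses in the server blocks …
```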


@ -38,6 +38,15 @@ with lib;
description = "Directory to store certificates and keys managed by the ACME service.";
};
acmeFallbackHost = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Host which to proxy requests to if acme challenge is not found. Useful
if you want multiple hosts to be able to verify the same domain name.
'';
};
enableSSL = mkOption {
type = types.bool;
default = false;
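Review bot: The description of `acmeFallbackHost` does not mention that the named host becomes trusted to answer ACME HTTP challenges for this vhost's names, or that the request goes out over plain HTTP because the value is spliced into `proxy_pass http://…` in the first file. I would extend it along the lines of `Challenge requests not found under acmeRoot are proxied to this host over plain HTTP; whoever controls it can complete ACME validation for this domain, so only name a host you operate.` It would also help to state the accepted form (`host` or `host:port`), since `types.str` accepts any string and the value reaches the nginx config unchecked.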