mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 07:23:20 +00:00
nixos/nginx: don't add .well-known locations for acme when using DNS-01 challenge
This commit is contained in:
parent
9f84a63460
commit
a586e82ef6
@ -352,7 +352,8 @@ let
|
||||
|
||||
# The acme-challenge location doesn't need to be added if we are not using any automated
|
||||
# certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
|
||||
acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null))
|
||||
acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName;
|
||||
acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null)
|
||||
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
|
||||
# We use ^~ here, so that we don't check any regexes (which could
|
||||
# otherwise easily override this intended match accidentally).
|
||||
|
Loading…
Reference in New Issue
Block a user