authorlassulus <git@lassul.us>2023-12-12 19:12:20 +0100
committerlassulus <git@lassul.us>2023-12-12 19:12:20 +0100
commit04f538164ce11ce977a851b6de2a9d2c5f7a9adb (patch)
treea2e57c9525254ab43f8d2af415df36b57120a6cc
parent25d035de777df95cd0c809e647d942a75d5a4906 (diff)
fix ssl cert for social.krebsco.de
-rw-r--r--krebs/2configs/mastodon-proxy.nix12
-rw-r--r--krebs/2configs/mastodon.nix11
-rw-r--r--krebs/2configs/reaktor2.nix2
3 files changed, 6 insertions, 19 deletions
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
index 35bf6020..b579a503 100644
--- a/krebs/2configs/mastodon-proxy.nix
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -8,17 +8,9 @@
acmeFallbackHost = "hotdog.r";
locations."/" = {
# TODO use this in 22.11
- # recommendedProxySettings = true;
- proxyPass = "http://hotdog.r";
+ recommendedProxySettings = true;
+ proxyPass = "https://hotdog.r";
proxyWebsockets = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- '';
};
};
};
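Review bot: Switching `proxyPass` to `https://hotdog.r` encrypts the hop to the backend but does not authenticate it, because nginx leaves `proxy_ssl_verify` off unless it is set, so whatever answers as hotdog.r is accepted. If the internal network is not meant to be the only trust boundary, add an `extraConfig` with `proxy_ssl_verify on;`, a `proxy_ssl_name` matching the backend certificate (presumably social.krebsco.de) and a `proxy_ssl_trusted_certificate` for the issuing CA. Otherwise state the assumption next to the line, e.g. `# upstream TLS is not verified; relies on the internal network for authenticity`. The context comment `# TODO use this in 22.11` is stale now that `recommendedProxySettings` is enabled and should be dropped. The enclosing virtualHost starts outside the hunk.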
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
index ab400955..ebc4207a 100644
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@@ -19,18 +19,11 @@
smtp.fromAddress = "derp";
};
- services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
- forceSSL = lib.mkForce false;
- enableACME = lib.mkForce false;
- locations."@proxy".extraConfig = ''
- proxy_redirect off;
- proxy_pass_header Server;
- proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
- '';
- };
+ security.acme.certs."social.krebsco.de".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
networking.firewall.allowedTCPPorts = [
80
+ 443
];
environment.systemPackages = [
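Review bot: The added `security.acme.certs."social.krebsco.de".server` line pins the Let's Encrypt staging directory, whose certificates are not trusted by browsers or federation peers, so this is only safe if the certificate is never presented to external clients. If it is meant only for the internal hop behind the proxy, say so next to the line, e.g. `# staging CA on purpose: this cert is only seen by mastodon-proxy`; if not, the override should be removed before the host serves 443 publicly, which the firewall change in the same hunk now allows. The cert is also keyed by a literal domain where the removed block used `config.services.mastodon.localDomain`; `security.acme.certs.${config.services.mastodon.localDomain}.server` would keep the two from drifting.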
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index db7b794f..e8482765 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -526,6 +526,8 @@ in {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
+ # needed for acmeFallback in sync-containers, or other machines not reachable globally
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
};
services.nginx.virtualHosts."bedge.r" = {
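Review bot: The new `locations."~ ^/.well-known/acme-challenge/"` entry is a regex match with unescaped dots, and regex locations take precedence over ordinary prefix locations in the same vhost. A prefix match that stops regex evaluation expresses the intent more tightly: `locations."^~ /.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";`. The vhost this belongs to starts outside the hunk, so which hostnames end up exposing the challenge directory cannot be checked from here.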