From 587015b9d7d3955d8e1c8d89ef95047078492f9a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 20 Aug 2022 21:50:48 +0200
Subject: tv nginx: close requests with bad Host header

---
 tv/2configs/nginx/default.nix | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

(limited to 'tv/2configs/nginx/default.nix')

diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index b0acb943..e68fc714 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -8,18 +8,13 @@ with import <stockholm/lib>;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
 
-    virtualHosts._http = {
+    virtualHosts.${toJSON ""} = {
       default = true;
       extraConfig = ''
-        return 404;
-      '';
-    };
-
-    virtualHosts.default = {
-      locations."= /etc/os-release".extraConfig = ''
-        default_type text/plain;
-        alias /etc/os-release;
+        error_page 400 =444 /;
+        return 444;
       '';
+      rejectSSL = true;
     };
   };
   tv.iptables = {
-- 
cgit v1.2.3


From b00873ffa73fdee8473158be7de11557ab4e36b7 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 20 Aug 2022 22:32:00 +0200
Subject: tv nginx: enable reload

---
 tv/2configs/nginx/default.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'tv/2configs/nginx/default.nix')

diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index e68fc714..efea3a84 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -4,6 +4,8 @@ with import <stockholm/lib>;
 
 {
   services.nginx = {
+    enableReload = true;
+
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
-- 
cgit v1.2.3