Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/mastodon-proxy.nix12
-rw-r--r--krebs/2configs/mastodon.nix11
-rw-r--r--krebs/2configs/reaktor2.nix2
3 files changed, 6 insertions, 19 deletions
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
index 35bf6020d..b579a5031 100644
--- a/krebs/2configs/mastodon-proxy.nix
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -8,17 +8,9 @@
acmeFallbackHost = "hotdog.r";
locations."/" = {
# TODO use this in 22.11
- # recommendedProxySettings = true;
- proxyPass = "http://hotdog.r";
+ recommendedProxySettings = true;
+ proxyPass = "https://hotdog.r";
proxyWebsockets = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- '';
};
};
};
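Review bot: `proxyPass = "https://hotdog.r"` encrypts the hop to the backend, but nothing in this location authenticates it. nginx does not check the upstream certificate unless `proxy_ssl_verify on;` is set, and I do not believe `recommendedProxySettings` adds any `proxy_ssl_*` directive (worth confirming against the nixpkgs release in use). The same commit issues the backend certificate from the Let's Encrypt staging directory, so verification could not succeed today anyway. Once a trusted certificate is in place, consider an `extraConfig` with `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to CA bundle>;`, setting `proxy_ssl_name` to the name on the backend certificate if it differs from `hotdog.r`. Separately, the `# TODO use this in 22.11` context line is now stale and can be removed.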
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
index ab400955e..ebc4207a0 100644
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@@ -19,18 +19,11 @@
smtp.fromAddress = "derp";
};
- services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
- forceSSL = lib.mkForce false;
- enableACME = lib.mkForce false;
- locations."@proxy".extraConfig = ''
- proxy_redirect off;
- proxy_pass_header Server;
- proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
- '';
- };
+ security.acme.certs."social.krebsco.de".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
networking.firewall.allowedTCPPorts = [
80
+ 443
];
environment.systemPackages = [
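Review bot: The added `security.acme.certs."social.krebsco.de".server` line pins issuance to the Let's Encrypt staging directory, whose certificates are not trusted by browsers or by other servers, while the same hunk opens port 443 and drops the `forceSSL`/`enableACME` overrides. If this is only for testing issuance, mark it with a comment such as `# staging CA while testing issuance; remove before serving real traffic`; otherwise drop the line so the production directory is used. The domain is also hard-coded where the removed block keyed on `config.services.mastodon.localDomain`; writing `security.acme.certs.${config.services.mastodon.localDomain}.server` keeps the override attached to the vhost if the domain changes. The enclosing attribute set starts and ends outside the hunk.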
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index db7b794f4..e84827656 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -526,6 +526,8 @@ in {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
+ # needed for acmeFallback in sync-containers, or other machines not reachable globally
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
};
services.nginx.virtualHosts."bedge.r" = {
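Review bot: In the added location key `"~ ^/.well-known/acme-challenge/"` the dot is an unescaped regex metacharacter, and a regex location is not needed to match a fixed prefix. A prefix match that skips regex evaluation, `locations."^~ /.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";`, is exact and, as far as I recall, is the form the NixOS nginx module generates for ACME-enabled vhosts. That only works if this vhost does not already receive that location from `enableACME`/`useACMEHost`. The comment could also name the virtual host this location belongs to, since its declaration lies above the hunk.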