conduit: Fix acme issue

letsencrypt will prod on port 80 to verify the domain. `listen` overrides `addSSL`, so none of the NixOS modules' setup will actually work. This means the conduit virtualhost never listened on port 80, and couldn't verify letsencrypt requests. How this *ever* worked is beyond me, but this commit resolves the problems (don't worry, `forceSSL` does what it says on the tin and overrides the `listen` again).
2023-10-13 06:08:26 +02:00 · 2023-10-13 06:08:26 +02:00 · 759a9c7c0c
parent 55a4aaf48b
commit 759a9c7c0c
1 changed files with 10 additions and 2 deletions
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@ -183,6 +183,14 @@ in {
    enableACME = true;

    listen = [
+      {
+        addr = "0.0.0.0";
+        port = 80;
+      }
+      {
+        addr = "[::0]";
+        port = 80;
+      }
      {
        addr = "0.0.0.0";
        port = 443;
@ -200,12 +208,12 @@ in {
      }
      {
        addr = "[::0]";
-        port = 8488;
+        port = 8448;
        ssl = true;
      }
    ];

-    addSSL = true;
+    forceSSL = true;
    extraConfig = ''
      merge_slashes off;
      access_log /var/log/nginx/${domain}/access.log upstream_time;