tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 9 Pull requests Releases Activity

conduit: Fix acme issue

Browse source 
letsencrypt will prod on port 80 to verify the domain. `listen`
overrides `addSSL`, so none of the NixOS modules' setup will actually
work.

This means the conduit virtualhost never listened on port 80, and
couldn't verify letsencrypt requests.

How this *ever* worked is beyond me, but this commit resolves the
problems (don't worry, `forceSSL` does what it says on the tin and
overrides the `listen` again).
This commit is contained in:
Tristan Daniël Maat 2023-10-13 06:08:26 +02:00
parent 55a4aaf48b
commit 759a9c7c0c
Signed by: tlater
GPG key ID: 49670FD774E43268
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
configuration/services/conduit.nix
View file

@ -183,6 +183,14 @@ in {
enableACME = true; enableACME = true;
listen = [ listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::0]";
port = 80;
}
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 443; port = 443;
@ -200,12 +208,12 @@ in {
} }
{ {
addr = "[::0]"; addr = "[::0]";
port = 8488; port = 8448;
ssl = true; ssl = true;
} }
]; ];
addSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
merge_slashes off; merge_slashes off;
access_log /var/log/nginx/${domain}/access.log upstream_time; access_log /var/log/nginx/${domain}/access.log upstream_time;