nginx module: Add acmeFallbackHost vhost option

authored by

Franz Pletz and committed by
Robin Gloster
4e5c7913 811f243c

+20 -2
+11 -2
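--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -78,6 +78,15 @@
 ssl = vhost.enableSSL || vhost.forceSSL;
 port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
 listenString = toString port + optionalString ssl " ssl spdy";
+acmeLocation = optionalString vhost.enableACME ''
+location /.well-known/acme-challenge {
+try_files $uri @acme-fallback;
+root ${vhost.acmeRoot};
+}
+location @acme-fallback {
+proxy_pass http://${vhost.acmeFallbackHost};
+}
+'';
 in ''
 ${optionalString vhost.forceSSL ''
 server {
@@ -85,7 +94,7 @@
 listen [::]:80;
 
 server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
-${optionalString vhost.enableACME "location /.well-known/acme-challenge { root ${vhost.acmeRoot}; }"}
+${acmeLocation}
 location / {
 return 301 https://$host${optionalString (port != 443) ":${port}"}$request_uri;
 }
@@ -97,7 +106,7 @@
 listen [::]:${listenString};
 
 server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
-${optionalString vhost.enableACME "location /.well-known/acme-challenge { root ${vhost.acmeRoot}; }"}
+${acmeLocation}
 ${optionalString (vhost.root != null) "root ${vhost.root};"}
 ${optionalString (vhost.globalRedirect != null) ''
 return 301 https://${vhost.globalRedirect}$request_uri;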
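Review bot: The `@acme-fallback` location in `acmeLocation` is emitted for every vhost with `enableACME`, so any request under `/.well-known/acme-challenge` that misses `acmeRoot` is forwarded over plain HTTP to `acmeFallbackHost`, and there is no way to turn that off. Whoever controls that host, or the network path to it, can answer HTTP-01 challenges for this vhost's names, so the delegation should be opt-in. I would emit `try_files` and the named location only when the option is set, which also needs the option in vhost-options.nix to accept `null`. The surrounding `let` binding and the server blocks begin and end outside the visible hunks.

```nix
acmeLocation = optionalString vhost.enableACME ''
  location /.well-known/acme-challenge {
    ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
    root ${vhost.acmeRoot};
  }
  ${optionalString (vhost.acmeFallbackHost != null) ''
    location @acme-fallback {
      proxy_pass http://${vhost.acmeFallbackHost};
    }
  ''}
'';
# … unchanged: server blocks that interpolate ${acmeLocation} …
```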
+9
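--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -38,6 +38,15 @@
 description = "Directory to store certificates and keys managed by the ACME service.";
 };
 
+acmeFallbackHost = mkOption {
+type = types.str;
+default = "0.0.0.0";
+description = ''
+Host which to proxy requests to if acme challenge is not found. Useful
+if you want multiple hosts to be able to verify the same domain name.
+'';
+};
+
 enableSSL = mkOption {
 type = types.bool;
 default = false;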
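Review bot: The default `"0.0.0.0"` for `acmeFallbackHost` is not a meaningful upstream; on Linux a connection to that address typically lands on the local machine, so with the default a missed challenge file is probably proxied back to this same server. `type = types.nullOr types.str;` with `default = null;` would let the module skip the fallback unless an operator names a host. The description should also state that the named host is contacted over unencrypted HTTP and is trusted to answer ACME challenges for every name served by the vhost.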