public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx module: Add acmeFallbackHost vhost option

Browse Source
This commit is contained in:
Franz Pletz 2016-02-17 04:01:50 +01:00 committed by Robin Gloster
parent 811f243ce6
commit 4e5c7913e9
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -78,6 +78,15 @@ let
ssl = vhost.enableSSL || vhost.forceSSL; ssl = vhost.enableSSL || vhost.forceSSL;
port = if vhost.port != null then vhost.port else (if ssl then 443 else 80); port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
listenString = toString port + optionalString ssl " ssl spdy"; listenString = toString port + optionalString ssl " ssl spdy";
acmeLocation = optionalString vhost.enableACME ''
location /.well-known/acme-challenge {
try_files $uri @acme-fallback;
root ${vhost.acmeRoot};
}
location @acme-fallback {
proxy_pass http://${vhost.acmeFallbackHost};
}
'';
in '' in ''
${optionalString vhost.forceSSL '' ${optionalString vhost.forceSSL ''
server { server {
@ -85,7 +94,7 @@ let
listen [::]:80; listen [::]:80;
server_name ${serverName} ${concatStringsSep " " vhost.serverAliases}; server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
${optionalString vhost.enableACME "location /.well-known/acme-challenge { root ${vhost.acmeRoot}; }"} ${acmeLocation}
location / { location / {
return 301 https://$host${optionalString (port != 443) ":${port}"}$request_uri; return 301 https://$host${optionalString (port != 443) ":${port}"}$request_uri;
} }
@ -97,7 +106,7 @@ let
listen [::]:${listenString}; listen [::]:${listenString};
server_name ${serverName} ${concatStringsSep " " vhost.serverAliases}; server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
${optionalString vhost.enableACME "location /.well-known/acme-challenge { root ${vhost.acmeRoot}; }"} ${acmeLocation}
${optionalString (vhost.root != null) "root ${vhost.root};"} ${optionalString (vhost.root != null) "root ${vhost.root};"}
${optionalString (vhost.globalRedirect != null) '' ${optionalString (vhost.globalRedirect != null) ''
return 301 https://${vhost.globalRedirect}$request_uri; return 301 https://${vhost.globalRedirect}$request_uri;

9
nixos/modules/services/web-servers/nginx/vhost-options.nix
View File

@ -38,6 +38,15 @@ with lib;
description = "Directory to store certificates and keys managed by the ACME service."; description = "Directory to store certificates and keys managed by the ACME service.";
}; };
acmeFallbackHost = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Host which to proxy requests to if acme challenge is not found. Useful
if you want multiple hosts to be able to verify the same domain name.
'';
};
enableSSL = mkOption { enableSSL = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;