From 5fcc96ab779c175bcfa6496b139f9dc6bd833e18 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Tue, 13 Jul 2021 17:43:26 +0200
Subject: [PATCH] modules: services: matrix: SSL only for server
This is a requirement anyway for homeservers, and the `forceSSL` option tried to create a redirect for non-SSL traffic, except the `listen` option only provided SSL endpoints anyway, so this resulted in additional rules in the nginx config looking like this:
```nginx
server { server_name matrix.belanyi.fr ; location /.well-known/acme-challenge { root /var/lib/acme/acme-challenge; auth_basic off; } location / { return 301 https://$host$request_uri; } }
```
---
 modules/services/matrix.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix
index fd4e90c..8f8c82e 100644
--- a/modules/services/matrix.nix
+++ b/modules/services/matrix.nix
@@ -121,7 +121,7 @@ in
 services.nginx.virtualHosts = {
 "matrix.${domain}" = {
- forceSSL = true;
+ onlySSL = true;
 useACMEHost = domain;
 locations =
@@ -149,7 +149,7 @@ in
 # same as above, but listening on the federation port
 "matrix.${domain}_federation" = rec {
- forceSSL = true;
+ onlySSL = true;
 serverName = "matrix.${domain}";
 useACMEHost = domain;
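Review bot: Switching to `onlySSL = true;` on `"matrix.${domain}"` (and identically on `"matrix.${domain}_federation"` in the second hunk) removes the generated plain-HTTP server block, and nothing in the patch records what is now expected to answer on port 80 for this name. That block was also the one carrying `location /.well-known/acme-challenge`, so if the certificate behind `useACMEHost = domain;` is validated over HTTP-01 and lists this hostname, renewal would need another vhost to serve the challenge; the ACME setup is outside the hunk, so this should be confirmed. Plain-HTTP requests for the hostname will presumably fall through to whichever server nginx treats as the default on port 80, which may be a different site. I would add a comment above the option, e.g. `# onlySSL: listen is TLS-only, so no port-80 redirect vhost; ACME for ${domain} must not rely on HTTP-01 here`. Both attribute sets continue past the end of their hunks.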