ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

modules: services: matrix: SSL only for server

Browse source 
This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

```nginx
server {
        server_name matrix.belanyi.fr ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
```
This commit is contained in:
Bruno BELANYI 2021-07-13 17:43:26 +02:00
parent cdbd37b506
commit 5fcc96ab77
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/services/matrix.nix
View file

@ -121,7 +121,7 @@ in
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"matrix.${domain}" = { "matrix.${domain}" = {
forceSSL = true; onlySSL = true;
useACMEHost = domain; useACMEHost = domain;
locations = locations =
@ -149,7 +149,7 @@ in
# same as above, but listening on the federation port # same as above, but listening on the federation port
"matrix.${domain}_federation" = rec { "matrix.${domain}_federation" = rec {
forceSSL = true; onlySSL = true;
serverName = "matrix.${domain}"; serverName = "matrix.${domain}";
useACMEHost = domain; useACMEHost = domain;