modules: services: matrix: SSL only for server

This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

```nginx
server {
        server_name matrix.belanyi.fr ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
```
This commit is contained in:
Bruno BELANYI 2021-07-13 17:43:26 +02:00
parent 21f48b5f71
commit 971b610cd5

View file

@ -121,7 +121,7 @@ in
services.nginx.virtualHosts = {
"matrix.${domain}" = {
forceSSL = true;
onlySSL = true;
useACMEHost = domain;
locations =
@ -149,7 +149,7 @@ in
# same as above, but listening on the federation port
"matrix.${domain}_federation" = rec {
forceSSL = true;
onlySSL = true;
serverName = "matrix.${domain}";
useACMEHost = domain;