modules: services: matrix: SSL only for server
This is a requirement anyway for homeservers, and the `forceSSL` option tried to create a redirect for non-SSL traffic, except the `listen` option only provided SSL endpoints anyway, so this resulted in additional rules in the nginx config looking like this: ```nginx server { server_name matrix.belanyi.fr ; location /.well-known/acme-challenge { root /var/lib/acme/acme-challenge; auth_basic off; } location / { return 301 https://$host$request_uri; } } ```
This commit is contained in:
parent
21f48b5f71
commit
971b610cd5
|
@ -121,7 +121,7 @@ in
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"matrix.${domain}" = {
|
"matrix.${domain}" = {
|
||||||
forceSSL = true;
|
onlySSL = true;
|
||||||
useACMEHost = domain;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations =
|
locations =
|
||||||
|
@ -149,7 +149,7 @@ in
|
||||||
|
|
||||||
# same as above, but listening on the federation port
|
# same as above, but listening on the federation port
|
||||||
"matrix.${domain}_federation" = rec {
|
"matrix.${domain}_federation" = rec {
|
||||||
forceSSL = true;
|
onlySSL = true;
|
||||||
serverName = "matrix.${domain}";
|
serverName = "matrix.${domain}";
|
||||||
useACMEHost = domain;
|
useACMEHost = domain;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue