From 2f66ac01e91d70837377c4356e5c99843b71f105 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Tue, 23 Nov 2021 15:20:30 +0300
Subject: [PATCH] nixos/nginx: disable rejectSSL activation when https is
 disabled

---
 nixos/modules/services/web-servers/nginx/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 459cee34132c..4aeca1754326 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -313,7 +313,7 @@ let
           ${optionalString (hasSSL && vhost.sslTrustedCertificate != null) ''
             ssl_trusted_certificate ${vhost.sslTrustedCertificate};
           ''}
-          ${optionalString vhost.rejectSSL ''
+          ${optionalString (hasSSL && vhost.rejectSSL) ''
             ssl_reject_handshake on;
           ''}
           ${optionalString (hasSSL && vhost.kTLS) ''