Merge pull request #276260 from Izorkin/update-nginx-acme-locations

nixos/nginx: change position acmeLocation in nginx configuration
This commit is contained in:
Ryan Lahfa 2023-12-31 21:23:17 +01:00 committed by GitHub
commit 5ab6191ee5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -352,10 +352,11 @@ let
# The acme-challenge location doesn't need to be added if we are not using any automated
# certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) ''
acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null))
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
# We use ^~ here, so that we don't check any regexes (which could
# otherwise easily override this intended match accidentally).
''
location ^~ /.well-known/acme-challenge/ {
${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
${optionalString (vhost.acmeRoot != null) "root ${vhost.acmeRoot};"}
@ -375,10 +376,11 @@ let
${concatMapStringsSep "\n" listenString redirectListen}
server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};
${acmeLocation}
location / {
return ${toString vhost.redirectCode} https://$host$request_uri;
}
${acmeLocation}
}
''}
@ -392,13 +394,6 @@ let
http3 ${if vhost.http3 then "on" else "off"};
http3_hq ${if vhost.http3_hq then "on" else "off"};
''}
${acmeLocation}
${optionalString (vhost.root != null) "root ${vhost.root};"}
${optionalString (vhost.globalRedirect != null) ''
location / {
return ${toString vhost.redirectCode} http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
}
''}
${optionalString hasSSL ''
ssl_certificate ${vhost.sslCertificate};
ssl_certificate_key ${vhost.sslCertificateKey};
@ -421,6 +416,14 @@ let
${mkBasicAuth vhostName vhost}
${optionalString (vhost.root != null) "root ${vhost.root};"}
${optionalString (vhost.globalRedirect != null) ''
location / {
return ${toString vhost.redirectCode} http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
}
''}
${acmeLocation}
${mkLocations vhost.locations}
${vhost.extraConfig}