security.acme: remove loop when no fallbackHost is given
parent
7f98dca782
commit
e84b803300
2 changed files with 6 additions and 5 deletions
|
@ -114,17 +114,18 @@ let
|
|||
port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
|
||||
listenString = toString port + optionalString ssl " ssl http2"
|
||||
+ optionalString vhost.default " default";
|
||||
acmeLocation = optionalString vhost.enableACME ''
|
||||
acmeLocation = optionalString vhost.enableACME (''
|
||||
location /.well-known/acme-challenge {
|
||||
try_files $uri @acme-fallback;
|
||||
${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
|
||||
root ${vhost.acmeRoot};
|
||||
auth_basic off;
|
||||
}
|
||||
'' + (optionalString (vhost.acmeFallbackHost != null) ''
|
||||
location @acme-fallback {
|
||||
auth_basic off;
|
||||
proxy_pass http://${vhost.acmeFallbackHost};
|
||||
}
|
||||
'';
|
||||
''));
|
||||
in ''
|
||||
${optionalString vhost.forceSSL ''
|
||||
server {
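Review bot: The guard `vhost.acmeFallbackHost != null` is now written twice inside `acmeLocation`, once around the `try_files $uri @acme-fallback;` line and once around the `location @acme-fallback` block. The two have to stay in step, or the generated config refers to a named location that is not defined. Binding the condition once in the surrounding `let`, e.g. `hasAcmeFallback = vhost.acmeFallbackHost != null;`, and using it in both places keeps them together. The check also lets an empty string through, which would render `proxy_pass http://;`; because the value is interpolated into the nginx config unescaped, a stricter option type or an assertion on the value would catch that at evaluation time. The `let` block starts before this hunk and the server block continues after it.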
|
||||
|
|
|
@ -39,8 +39,8 @@ with lib;
|
|||
};
|
||||
|
||||
acmeFallbackHost = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Host which to proxy requests to if acme challenge is not found. Useful
|
||||
if you want multiple hosts to be able to verify the same domain name.
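Review bot: The visible part of the option description does not say what the new `null` default means, nor that the fallback host is trusted with certificate issuance for this virtual host. In the other file of this commit, requests under `/.well-known/acme-challenge` that are not found locally are proxied to it over plain HTTP with `auth_basic off`, so whoever controls that host, or the network path to it, can answer HTTP-01 challenges for the domain. I would add to the description: `If null, no fallback is configured and challenges are served from acmeRoot only. The fallback host can complete ACME challenges for this domain, so point it only at a host you control, reached over a trusted network.` The description text continues past the end of this hunk.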
|
||||
|
|