security.acme: remove loop when no fallbackHost is given

Alexander Ried 2016-09-06 17:45:57 +02:00
parent 7f98dca782
commit e84b803300
2 changed files with 6 additions and 5 deletions


@ -114,17 +114,18 @@ let
port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
listenString = toString port + optionalString ssl " ssl http2"
+ optionalString vhost.default " default";
acmeLocation = optionalString vhost.enableACME ''
acmeLocation = optionalString vhost.enableACME (''
location /.well-known/acme-challenge {
try_files $uri @acme-fallback;
${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
root ${vhost.acmeRoot};
auth_basic off;
}
'' + (optionalString (vhost.acmeFallbackHost != null) ''
location @acme-fallback {
auth_basic off;
proxy_pass http://${vhost.acmeFallbackHost};
}
'';
''));
in ''
${optionalString vhost.forceSSL ''
server {
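Review bot: The `@acme-fallback` block forwards any challenge request that is not found locally to `vhost.acmeFallbackHost` over plain HTTP, so whoever serves that host can answer HTTP-01 validation for this vhost's names, and nothing near `acmeLocation` says so. I would add a comment above the binding such as `# acmeFallbackHost can complete ACME challenges for this vhost's names; point it only at a host you control.` Separately, `location /.well-known/acme-challenge` is a plain prefix match, so if the vhost also defines regex locations (not visible in this hunk), nginx would prefer a matching regex and skip the `auth_basic off;` here. `location ^~ /.well-known/acme-challenge/` would pin the challenge path to this block. The enclosing `let` starts outside the hunk.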


@ -39,8 +39,8 @@ with lib;
};
acmeFallbackHost = mkOption {
type = types.str;
default = "0.0.0.0";
type = types.nullOr types.str;
default = null;
description = ''
Host which to proxy requests to if acme challenge is not found. Useful
if you want multiple hosts to be able to verify the same domain name.