author | pennae <82953136+pennae@users.noreply.github.com> | 2024-05-01 18:21:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-01 18:21:17 +0200 |
commit | af4ba8165b0093aa458ded8e21dc3b206b06a9c9 (patch) | |
tree | 960df87bdcf1509d2dde5973a22a2d3a20c09b0b | |
parent | cadb9fc5e45ca55ad2d3943b60b38d47a00b6b8a (diff) | |
parent | a586e82ef6c96b1425810550a43cfa4c1c947307 (diff) |
Merge pull request #308303 from Lynnaut/nginx-acme
nixos/nginx: don't add .well-known locations for acme when using DNS-01
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 337d53e869efe..08fab09e1e559 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -352,7 +352,8 @@ let
 # The acme-challenge location doesn't need to be added if we are not using any automated
 # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
- acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null))
+ acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName;
+ acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null)
 # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
 # We use ^~ here, so that we don't check any regexes (which could
 # otherwise easily override this intended match accidentally). |
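Review bot: The `vhostName` fallback in the new `acmeName` binding assumes that an `enableACME` vhost's certificate is keyed by the virtualHosts attribute name. If the module registers it under a different key (for example when the vhost sets `serverName`, which this hunk does not show), `config.security.acme.certs.${acmeName}` fails evaluation with a missing-attribute error instead of producing a location block. Deriving the name from the value the module uses when it declares the cert would keep the two in step, e.g. `acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhost.serverName;` if that is the key. A one-line comment above the binding saying which `security.acme.certs` entry is looked up would also help, because a wrong lookup here either breaks evaluation or drops the `/.well-known/acme-challenge` location from a host that still needs HTTP-01. The enclosing `let` starts and ends outside the hunk.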