diff options
author | Izorkin <izorkin@elven.pw> | 2023-12-24 09:43:34 +0300 |
---|---|---|
committer | Izorkin <izorkin@elven.pw> | 2023-12-30 23:50:02 +0300 |
commit | ae5c0c1521e9c4739e955d6a5a949592ce82e580 (patch) | |
tree | 19aef15cb4d44a8c8f1b56eb89bfb444ac14c1b6 | |
parent | 7f1b6d45afb5b2ca33d06507198fbb5c2bdbe9ee (diff) |
nixos/nginx: skip adding a comment to acmeLocation in nginx configuration
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 0ec8d95ad3aa3..f44400eb41594 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -352,10 +352,11 @@ let # The acme-challenge location doesn't need to be added if we are not using any automated # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge - acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) '' + acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) # We use ^~ here, so that we don't check any regexes (which could # otherwise easily override this intended match accidentally). + '' location ^~ /.well-known/acme-challenge/ { ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"} ${optionalString (vhost.acmeRoot != null) "root ${vhost.acmeRoot};"} |