diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2024-05-10 00:50:43 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2024-05-10 01:36:34 +0200 |
commit | b7d060d10d6e5089c9d7f0c889845bb936c4f961 (patch) | |
tree | f71d16b0c939f28a77ab80cd53a6a16a436bbe56 /nixos/modules/services/web-servers | |
parent | cc40af1ab3e545191fe25aeef2e82df3c9f79417 (diff) |
nixos/nginx: fix reference to acme cert hostname
The change introduced in #308303 refers to the virtualHosts attrset key which can be any string. The servername is the actual primary hostname used for the certificate. This fixes use cases like: services.nginx.virualHosts.foobar.serverName = "my.fqdn.org";
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 08fab09e1e559..fd940cfe459ab 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -352,7 +352,7 @@ let # The acme-challenge location doesn't need to be added if we are not using any automated # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge - acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName; + acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhost.serverName; acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null) # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) # We use ^~ here, so that we don't check any regexes (which could |