diff options
| author | Mark Nipper <nipsy@bitgnome.net> | 2024-11-13 09:04:02 -0800 |
|---|---|---|
| committer | Mark Nipper <nipsy@bitgnome.net> | 2024-11-13 09:04:02 -0800 |
| commit | 864491349b77c2f9f53a4854c524302138867d8c (patch) | |
| tree | 21a727800e0e6ecc931cc975b59cd8ac80e7e822 | |
| parent | bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7 (diff) | |
| download | nix-864491349b77c2f9f53a4854c524302138867d8c.tar nix-864491349b77c2f9f53a4854c524302138867d8c.tar.gz nix-864491349b77c2f9f53a4854c524302138867d8c.tar.bz2 nix-864491349b77c2f9f53a4854c524302138867d8c.tar.lz nix-864491349b77c2f9f53a4854c524302138867d8c.tar.xz nix-864491349b77c2f9f53a4854c524302138867d8c.tar.zst nix-864491349b77c2f9f53a4854c524302138867d8c.zip | |
Fix HTTPS redirects outside of LAN
| -rw-r--r-- | hosts/arrakis/services.nix | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index daac1a8..6e7a9fa 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -133,20 +133,6 @@ ::1 1; 192.168.1.0/24 1; } - - set $enable_ssl 0; - - if ($geo != 1) { - set $enable_ssl 1 - } - - if ($scheme != https) { - set $enable_ssl 1 - } - - if ($enable_ssl) { - return 301 https://$host$request_uri; - } ''; enable = true; @@ -165,7 +151,17 @@ enableACME = true; extraConfig = '' - if ($geo = 0) { + set $enable_ssl 0; + + if ($geo != 1) { + set $enable_ssl 1 + } + + if ($scheme != https) { + set $enable_ssl 1 + } + + if ($enable_ssl) { return 301 https://$host$request_uri; } ''; |