diff options
| author | Mark Nipper <nipsy@bitgnome.net> | 2024-11-13 08:56:33 -0800 |
|---|---|---|
| committer | Mark Nipper <nipsy@bitgnome.net> | 2024-11-13 08:56:33 -0800 |
| commit | bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7 (patch) | |
| tree | f0c677b0262b4e9445d905b3f161dcd2d246945e | |
| parent | 632c7f1a4e37215b384664a9ad436293a0d3d3ae (diff) | |
| download | nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.tar nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.tar.gz nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.tar.bz2 nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.tar.lz nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.tar.xz nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.tar.zst nix-bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7.zip | |
Fix HTTPS redirects outside of LAN
| -rw-r--r-- | hosts/arrakis/services.nix | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index e0c1111..daac1a8 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -133,6 +133,20 @@ ::1 1; 192.168.1.0/24 1; } + + set $enable_ssl 0; + + if ($geo != 1) { + set $enable_ssl 1 + } + + if ($scheme != https) { + set $enable_ssl 1 + } + + if ($enable_ssl) { + return 301 https://$host$request_uri; + } ''; enable = true; |