aboutsummaryrefslogtreecommitdiffstats
path: root/hosts/arrakis/services.nix
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2024-11-13 09:04:02 -0800
committerMark Nipper <nipsy@bitgnome.net>2024-11-13 09:04:02 -0800
commit864491349b77c2f9f53a4854c524302138867d8c (patch)
tree21a727800e0e6ecc931cc975b59cd8ac80e7e822 /hosts/arrakis/services.nix
parentbd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7 (diff)
downloadnix-864491349b77c2f9f53a4854c524302138867d8c.tar
nix-864491349b77c2f9f53a4854c524302138867d8c.tar.gz
nix-864491349b77c2f9f53a4854c524302138867d8c.tar.bz2
nix-864491349b77c2f9f53a4854c524302138867d8c.tar.lz
nix-864491349b77c2f9f53a4854c524302138867d8c.tar.xz
nix-864491349b77c2f9f53a4854c524302138867d8c.tar.zst
nix-864491349b77c2f9f53a4854c524302138867d8c.zip
Fix HTTPS redirects outside of LAN
Diffstat (limited to '')
-rw-r--r--hosts/arrakis/services.nix26
1 files changed, 11 insertions, 15 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index daac1a8..6e7a9fa 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -133,20 +133,6 @@
::1 1;
192.168.1.0/24 1;
}
-
- set $enable_ssl 0;
-
- if ($geo != 1) {
- set $enable_ssl 1
- }
-
- if ($scheme != https) {
- set $enable_ssl 1
- }
-
- if ($enable_ssl) {
- return 301 https://$host$request_uri;
- }
'';
enable = true;
@@ -165,7 +151,17 @@
enableACME = true;
extraConfig = ''
- if ($geo = 0) {
+ set $enable_ssl 0;
+
+ if ($geo != 1) {
+ set $enable_ssl 1
+ }
+
+ if ($scheme != https) {
+ set $enable_ssl 1
+ }
+
+ if ($enable_ssl) {
return 301 https://$host$request_uri;
}
'';