diff options
author | Mark Nipper <nipsy@bitgnome.net> | 2024-11-13 09:23:42 -0800 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-11-13 09:23:42 -0800 |
commit | e393ae6d4fd722c6be992fb3de56ff90f0738ce2 (patch) | |
tree | 5724910b809cffd4b8db847d24b31196a51a6a7d /hosts/arrakis/services.nix | |
parent | d98d1eeca6209918fcdccd1b554afb941b47aa3a (diff) | |
download | nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.gz nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.bz2 nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.lz nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.xz nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.zst nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.zip |
Fix HTTPS redirects outside of LAN
Diffstat (limited to 'hosts/arrakis/services.nix')
-rw-r--r-- | hosts/arrakis/services.nix | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 302211b..3678f63 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -133,6 +133,16 @@ ::1 1; 192.168.1.0/24 1; } + + map $scheme $req_ssl { + default 1; + http 0 ; + } + + map "$geo$req_ssl" $enable_ssl { + default 1; + 00 1; + } ''; enable = true; @@ -151,16 +161,6 @@ enableACME = true; extraConfig = '' - set $enable_ssl 0; - - if ($geo != 1) { - set $enable_ssl 1; - } - - if ($scheme != https) { - set $enable_ssl 1; - } - if ($enable_ssl) { return 301 https://$host$request_uri; } |