aboutsummaryrefslogtreecommitdiffstats
path: root/hosts/arrakis
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2024-11-13 09:23:42 -0800
committerMark Nipper <nipsy@bitgnome.net>2024-11-13 09:23:42 -0800
commite393ae6d4fd722c6be992fb3de56ff90f0738ce2 (patch)
tree5724910b809cffd4b8db847d24b31196a51a6a7d /hosts/arrakis
parentd98d1eeca6209918fcdccd1b554afb941b47aa3a (diff)
downloadnix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar
nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.gz
nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.bz2
nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.lz
nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.xz
nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.tar.zst
nix-e393ae6d4fd722c6be992fb3de56ff90f0738ce2.zip
Fix HTTPS redirects outside of LAN
Diffstat (limited to '')
-rw-r--r--hosts/arrakis/services.nix20
1 files changed, 10 insertions, 10 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index 302211b..3678f63 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -133,6 +133,16 @@
::1 1;
192.168.1.0/24 1;
}
+
+ map $scheme $req_ssl {
+ default 1;
+ http 0 ;
+ }
+
+ map "$geo$req_ssl" $enable_ssl {
+ default 1;
+ 00 1;
+ }
'';
enable = true;
@@ -151,16 +161,6 @@
enableACME = true;
extraConfig = ''
- set $enable_ssl 0;
-
- if ($geo != 1) {
- set $enable_ssl 1;
- }
-
- if ($scheme != https) {
- set $enable_ssl 1;
- }
-
if ($enable_ssl) {
return 301 https://$host$request_uri;
}