From bd668d7ee34ec3b8a6c11eb19bb9c9cf005443f7 Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Wed, 13 Nov 2024 08:56:33 -0800 Subject: Fix HTTPS redirects outside of LAN --- hosts/arrakis/services.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'hosts/arrakis/services.nix') diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index e0c1111..daac1a8 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -133,6 +133,20 @@ ::1 1; 192.168.1.0/24 1; } + + set $enable_ssl 0; + + if ($geo != 1) { + set $enable_ssl 1 + } + + if ($scheme != https) { + set $enable_ssl 1 + } + + if ($enable_ssl) { + return 301 https://$host$request_uri; + } ''; enable = true; -- cgit v1.2.3