From e393ae6d4fd722c6be992fb3de56ff90f0738ce2 Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Wed, 13 Nov 2024 09:23:42 -0800 Subject: Fix HTTPS redirects outside of LAN --- hosts/arrakis/services.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'hosts') diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 302211b..3678f63 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -133,6 +133,16 @@ ::1 1; 192.168.1.0/24 1; } + + map $scheme $req_ssl { + default 1; + http 0 ; + } + + map "$geo$req_ssl" $enable_ssl { + default 1; + 00 1; + } ''; enable = true; @@ -151,16 +161,6 @@ enableACME = true; extraConfig = '' - set $enable_ssl 0; - - if ($geo != 1) { - set $enable_ssl 1; - } - - if ($scheme != https) { - set $enable_ssl 1; - } - if ($enable_ssl) { return 301 https://$host$request_uri; } -- cgit v1.2.3