summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/acme.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/2configs/acme.nix')
-rw-r--r--krebs/2configs/acme.nix4
1 files changed, 3 insertions, 1 deletions
diff --git a/krebs/2configs/acme.nix b/krebs/2configs/acme.nix
index b5e51a1a2..056aa7ae4 100644
--- a/krebs/2configs/acme.nix
+++ b/krebs/2configs/acme.nix
@@ -7,15 +7,17 @@ in {
email = "spam@krebsco.de";
certs.${domain}.server = "https://${domain}:1443/acme/acme/directory"; # use 1443 here cause bootstrapping loop
};
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts.${domain} = {
- forceSSL = true;
+ addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "https://localhost:1443";
};
+ locations."= /ca.crt".alias = ../6assets/krebsAcmeCA.crt;
};
};
krebs.secret.files.krebsAcme = {