2021-03-13 15:32:44 +01:00
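# NixOS module for an nginx front end with two jobs:
#   1. Port 80: serve or forward ACME HTTP-01 challenges and redirect every
#      other request to HTTPS.
#   2. Port 443: pass raw TLS through to a backend selected from the SNI in the
#      ClientHello (ssl_preread); TLS is not terminated here.
#
# Blame dates shown on the page: the turn.entr0py.de server block dates from
# 2021-06-14, everything else from 2021-03-13.
{ config, pkgs, ...}:

let
  # Single source of truth for the DNS resolvers. The http context receives
  # them through services.nginx.resolver and the stream context through the
  # interpolated `resolver` directive below, so the two lists cannot drift.
  # NOTE(review): these resolvers decide where both proxies below send
  # traffic; presumably they are external and queried over plain DNS, so
  # confirm they are the intended, trusted ones.
  resolverAddresses = [
    "[2a02:2970:1002::18]"
    "46.182.19.48"
    "[2001:1608:10:25::9249:d69b]"
    "84.200.70.40"
  ];
in
{
  # Only HTTP and HTTPS are opened in the host firewall.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    package = pkgs.nginxMainline;
    enableReload = true;

    # Proxy targets are resolved at request time rather than only at start,
    # which is why a resolver has to be configured.
    proxyResolveWhileRunning = true;
    resolver = {
      addresses = resolverAddresses;
    };

    # First server: ACME challenges for turn.entr0py.de are answered locally
    # from the webroot /var/www/letsencrypt.
    #
    # Second server (catch-all on 0.0.0.0:80 and [::]:80): challenge requests
    # are forwarded to the host named in the request; everything else gets a
    # 301 to HTTPS.
    # NOTE(security): `proxy_pass http://$host$request_uri` takes its target
    # from the client-supplied Host header. Any name the resolvers can resolve
    # is accepted, including internal names or this server itself (a request
    # loop). Restrict it to the backends that actually need certificates, for
    # example a `map $host $acme_backend { ... }` allowlist whose default is
    # answered with 404 or 444. The backend names are not visible in this
    # file, so the allowlist is not filled in here.
    appendHttpConfig = ''
      server {
        listen turn.entr0py.de:80 default;
        location ^~ /.well-known/acme-challenge/ {
          root /var/www/letsencrypt;
        }
      }
      server {
        listen 0.0.0.0:80 default;
        listen [::]:80 default;
        location /.well-known/acme-challenge {
          proxy_pass http://$host$request_uri;
        }
        location / {
          return 301 https://$host$request_uri;
        }
      }
    '';

    # TLS passthrough: ssl_preread reads the SNI without decrypting and the
    # connection is forwarded to <SNI>:443.
    # NOTE(security): the SNI is chosen by the client, so as written this
    # relays TCP to port 443 of any resolvable name, internal hosts included.
    # An empty SNI yields the target ":443", which cannot be connected to.
    # Prefer `map $ssl_preread_server_name $tls_backend { ... }` with an
    # explicit list of allowed names and a default that goes nowhere, then
    # `proxy_pass $tls_backend;`. Also consider access logging in the stream
    # context so that unexpected SNI values are visible.
    streamConfig = ''
      resolver ${toString resolverAddresses};
      server {
        listen 0.0.0.0:443;
        listen [::]:443;
        proxy_pass $ssl_preread_server_name:443;
        ssl_preread on;
      }
    '';
  };
}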