Add ssl

author: Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com> 2021-02-07 16:17:57 +0100
committer: Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com> 2021-02-07 16:17:57 +0100
commit: 5d2dbdfdec06afd5899792167934cf1b69bc9ae1 (patch)
tree: abaae97a097fd71d2ffa20ce4387a455d1d0354e
parent: 489e6c7539200f3047e59f3f41c578b98c69c071 (diff)
download: dots-5d2dbdfdec06afd5899792167934cf1b69bc9ae1.tar.gz
dots-5d2dbdfdec06afd5899792167934cf1b69bc9ae1.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix
index 4505cb2..409001b 100644
--- a/machines/srv1/configuration.nix
+++ b/machines/srv1/configuration.nix
@@ -64,18 +64,23 @@ in
   services.nginx.virtualHosts."srv1.niedzwiedzinski.cyou" = {
     addSSL = true;
     enableACME = true;
+    forceSSL = true;
     root = "/var/www/srv1.niedzwiedzinski.cyou";
   };
   services.nginx.virtualHosts."git.niedzwiedzinski.cyou" = {
     locations."/".proxyPass = "http://localhost:8080/cgit/";
     locations."/cgit/".proxyPass = "http://localhost:8080";
+    addSSL = true;
+    enableACME = true;
+    forceSSL = true;
   };
   security.acme.certs = {
     "srv1.niedzwiedzinski.cyou".email = "pniedzwiedzinski19@gmail.com";
+    "git.niedzwiedzinski.cyou".email = "pniedzwiedzinski19@gmail.com";
   };
   security.acme.acceptTerms = true;
 
-  networking.firewall.allowedTCPPorts = [ 80 8080 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
 
   services.molly-brown = {
author	Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com>	2021-02-07 16:17:57 +0100
committer	Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com>	2021-02-07 16:17:57 +0100
commit	5d2dbdfdec06afd5899792167934cf1b69bc9ae1 (patch)
tree	abaae97a097fd71d2ffa20ce4387a455d1d0354e
parent	489e6c7539200f3047e59f3f41c578b98c69c071 (diff)
download	dots-5d2dbdfdec06afd5899792167934cf1b69bc9ae1.tar.gz dots-5d2dbdfdec06afd5899792167934cf1b69bc9ae1.zip