services: matrix: enable SSL traffic only

This is a requirement anyway for homeservers, and the `forceSSL` option
tried to create a redirect for non-SSL traffic, except the `listen`
option only provided SSL endpoints anyway, so this resulted in
additional rules in the nginx config looking like this:

server {
        server_name matrix.alarsyo.net ;
        location /.well-known/acme-challenge {
                root /var/lib/acme/acme-challenge;
                auth_basic off;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

Which led to nginx listening on port 8000 (the default port in this
situation, I imagine).
Antoine Martin 2021-07-13 13:54:18 +02:00
parent c75458d8c9
commit e7219ae988

@ -170,7 +170,7 @@ in {
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"matrix.${domain}" = { "matrix.${domain}" = {
forceSSL = true; onlySSL = true;
useACMEHost = domain; useACMEHost = domain;
locations = locations =
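Review bot: with `onlySSL = true;` on "matrix.${domain}" there is no longer a plain-HTTP server block for this name, so the `/.well-known/acme-challenge` location that the commit message shows `forceSSL` generating disappears together with the redirect. Since the vhost keeps `useACMEHost = domain;`, please confirm that the certificate for `domain` includes this name and that its issuance and renewal do not depend on an HTTP challenge answered by this vhost. A one-line comment next to `onlySSL` saying why `forceSSL` is not used here would also keep someone from switching it back later.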
@ -197,7 +197,7 @@ in {
# same as above, but listening on the federation port # same as above, but listening on the federation port
"matrix.${domain}_federation" = rec { "matrix.${domain}_federation" = rec {
forceSSL = true; onlySSL = true;
serverName = "matrix.${domain}"; serverName = "matrix.${domain}";
useACMEHost = domain; useACMEHost = domain;
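Review bot: the `onlySSL = true;` edit in "matrix.${domain}_federation" duplicates the one in "matrix.${domain}", and the comment above this vhost says it is the same as that one apart from the port, so the two can drift if only one is edited in a later change. Consider defining the shared attributes (`onlySSL`, `useACMEHost`) once in a `let` binding and merging them into both vhosts, so the TLS-only setting is stated in a single place.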