services: matrix: enable SSL traffic only
This is a requirement anyway for homeservers, and the `forceSSL` option tried to create a redirect for non-SSL traffic, except the `listen` option only provided SSL endpoints anyway, so this resulted in additional rules in the nginx config looking like this: server { server_name matrix.alarsyo.net ; location /.well-known/acme-challenge { root /var/lib/acme/acme-challenge; auth_basic off; } location / { return 301 https://$host$request_uri; } } Which led to nginx listening on port 8000 (the default port in this situation, I imagine)
parent
c75458d8c9
commit
e7219ae988
|
@ -170,7 +170,7 @@ in {
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"matrix.${domain}" = {
|
"matrix.${domain}" = {
|
||||||
forceSSL = true;
|
onlySSL = true;
|
||||||
useACMEHost = domain;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations =
|
locations =
|
||||||
|
@ -197,7 +197,7 @@ in {
|
||||||
|
|
||||||
# same as above, but listening on the federation port
|
# same as above, but listening on the federation port
|
||||||
"matrix.${domain}_federation" = rec {
|
"matrix.${domain}_federation" = rec {
|
||||||
forceSSL = true;
|
onlySSL = true;
|
||||||
serverName = "matrix.${domain}";
|
serverName = "matrix.${domain}";
|
||||||
useACMEHost = domain;
|
useACMEHost = domain;
|
||||||
|
|
||||||
|
|
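Review bot: Dropping the generated HTTP server block also drops the `/.well-known/acme-challenge` location for this server name shown in the commit description. If the certificate behind `useACMEHost = domain` covers `matrix.${domain}` and is validated over HTTP-01, renewal now depends on another vhost or a DNS challenge. That configuration is not visible in these hunks and should be confirmed before the current certificate expires. With `onlySSL = true` in both `"matrix.${domain}"` and `"matrix.${domain}_federation"`, plaintext is presumably refused only while every entry in the custom `listen` lists (outside the hunks) sets `ssl = true`. A comment above each changed line would record the reasoning, for example `# onlySSL, not forceSSL: the custom listen entries are SSL-only, so forceSSL's HTTP redirect vhost is unwanted`.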