movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/nginx: allow using existing ACME certificate

Browse source 
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:

https://letsencrypt.org/docs/rate-limits/

Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
This commit is contained in:
Jan Tojnar 2017-10-23 05:40:39 +02:00
parent ee4e6ebbfa
commit 41d252d7a4
No known key found for this signature in database
GPG key ID: 7FAB2A15F7A607A4
2 changed files with 30 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
nixos/modules/services/web-servers/nginx/vhost-options.nix
View file

@ -48,7 +48,21 @@ with lib;
enableACME = mkOption {
type = types.bool;
default = false;
description = "Whether to ask Let's Encrypt to sign a certificate for this vhost.";
description = ''
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through <option>useACMEHost</option>.
'';
};
useACMEHost = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
<link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
Alternately, you can generate a certificate through <option>enableACME</option>.
'';
};
acmeRoot = mkOption {