movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

nixos/nginx: fix reference to acme cert hostname

Browse source 
The change introduced in #308303 refers to the virtualHosts attrset
key which can be any string. The servername is the actual primary
hostname used for the certificate.

This fixes use cases like:

    services.nginx.virualHosts.foobar.serverName = "my.fqdn.org";
This commit is contained in:
Franz Pletz 2024-05-10 00:50:43 +02:00
parent cc40af1ab3
commit b7d060d10d
No known key found for this signature in database
GPG key ID: 846FDED7792617B4
2 changed files with 21 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/services/web-servers/nginx/default.nix
View file

@ -352,7 +352,7 @@ let
# The acme-challenge location doesn't need to be added if we are not using any automated
# certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName;
acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhost.serverName;
acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null)
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
# We use ^~ here, so that we don't check any regexes (which could