55dac18 nginx: Force TLS — radicle-infra

rad:z254T5p17bdFPmzfDojsdjo4HjpoZ

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

nginx: Force TLS

Lorenz Leutgeb committed 6 months ago

commit 55dac18cf1d394adb2fcb501c685250471892a2c
parent 3d9db32

5 files changed +5 -5

modified os/host/seed/attic.nix

@@ -28,8 +28,8 @@ in {

       };
     };
     nginx.virtualHosts.${domain} = {
       addSSL = true;
       enableACME = true;
       forceSSL = true;
       serverName = domain;
       locations."/" = {
         proxyPass = "http://127.0.0.1:${builtins.toString port}";

modified os/host/seed/bootstrap/default.nix

@@ -36,8 +36,8 @@

     };
   };
   services.nginx.virtualHosts."bootstrap.radicle.xyz" = {
     addSSL = true;
     enableACME = true;
     forceSSL = true;
     serverName = "bootstrap.radicle.xyz";
     root = "/var/www/bootstrap.radicle.xyz";
     locations."/".extraConfig = ''

modified os/host/seed/files.nix

@@ -13,8 +13,8 @@ in {

       add_header 'Access-Control-Allow-Origin' '*';
       autoindex on;
     '';
     addSSL = true;
     enableACME = true;
     forceSSL = true;
     serverName = name;
   };

modified os/host/seed/grafana.nix

@@ -19,8 +19,8 @@ in {

     };
     nginx.virtualHosts.${domain} = {
       addSSL = true;
       enableACME = true;
       forceSSL = true;
       serverName = domain;
       locations."/" = {
         proxyPass = "http://127.0.0.1:${builtins.toString port}";

modified os/mixin/radicle.nix

@@ -60,8 +60,8 @@

     httpd = {
       enable = true;
       nginx = {
         addSSL = true;
         enableACME = true;
 	forceSSL = true;
         serverName = config.networking.fqdn;
       };
     };