all repos — nixfiles @ aaf13ed811404b1455bf9cd0551957fcdc58e587

System and user configuration, managed by nix and home-manager

dev: allow website to use acme to provision own cert

Alan Pearce
commit

aaf13ed811404b1455bf9cd0551957fcdc58e587

parent

a8b679b21cfe5c2812f618022d7d0254e112c8bf

1 file changed, 25 insertions(+), 7 deletions(-)

jump to
M system/settings/dev.nixsystem/settings/dev.nix
@@ -1,7 +1,13 @@
{ config +, lib , pkgs , ... }: { + networking = lib.mkIf pkgs.stdenv.isLinux { + hosts = { + "127.0.0.80" = [ "alanpearce.test" ]; + }; + }; services.caddy = { enable = true; virtualHosts = {
@@ -12,17 +18,29 @@ issuer internal {
ca local } } - acme_server + acme_server { + allow { + domains *.test + } + } ''; }; - "alanpearce.localhost" = { + "alanpearce.test" = { + serverAliases = [ "alanpearce.localhost" ]; extraConfig = '' - reverse_proxy h2c://alanpearce.localhost:3000 { - transport http { - dial_timeout 1s - compression off - } + tls { + issuer internal { + ca local } + } + reverse_proxy http://alanpearce.test:3000 { + header_up Host alanpearce.test + transport http { + dial_timeout 1s + compression off + } + } + redir / https://alanpearce.test:8443 302 ''; }; "searchix.localhost" = {