From aaf13ed811404b1455bf9cd0551957fcdc58e587 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Thu, 27 Jun 2024 01:21:32 +0200 Subject: dev: allow website to use acme to provision own cert --- system/settings/dev.nix | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) (limited to 'system') diff --git a/system/settings/dev.nix b/system/settings/dev.nix index e975c214..8d246c15 100644 --- a/system/settings/dev.nix +++ b/system/settings/dev.nix @@ -1,7 +1,13 @@ { config +, lib , pkgs , ... }: { + networking = lib.mkIf pkgs.stdenv.isLinux { + hosts = { + "127.0.0.80" = [ "alanpearce.test" ]; + }; + }; services.caddy = { enable = true; virtualHosts = { @@ -12,17 +18,29 @@ ca local } } - acme_server + acme_server { + allow { + domains *.test + } + } ''; }; - "alanpearce.localhost" = { + "alanpearce.test" = { + serverAliases = [ "alanpearce.localhost" ]; extraConfig = '' - reverse_proxy h2c://alanpearce.localhost:3000 { - transport http { - dial_timeout 1s - compression off - } + tls { + issuer internal { + ca local } + } + reverse_proxy http://alanpearce.test:3000 { + header_up Host alanpearce.test + transport http { + dial_timeout 1s + compression off + } + } + redir / https://alanpearce.test:8443 302 ''; }; "searchix.localhost" = { -- cgit 1.4.1