Loading nixos/modules/services/web-servers/nginx/default.nix +3 −1 Original line number Diff line number Diff line Loading @@ -362,7 +362,9 @@ let redirectListen = filter (x: !x.ssl) defaultListen; acmeLocation = optionalString (vhost.enableACME || vhost.useACMEHost != null) '' # The acme-challenge location doesn't need to be added if we are not using any automated # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) '' # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) # We use ^~ here, so that we don't check any regexes (which could # otherwise easily override this intended match accidentally). Loading Loading
nixos/modules/services/web-servers/nginx/default.nix +3 −1 Original line number Diff line number Diff line Loading @@ -362,7 +362,9 @@ let redirectListen = filter (x: !x.ssl) defaultListen; acmeLocation = optionalString (vhost.enableACME || vhost.useACMEHost != null) '' # The acme-challenge location doesn't need to be added if we are not using any automated # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) '' # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) # We use ^~ here, so that we don't check any regexes (which could # otherwise easily override this intended match accidentally). Loading
