mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 04:58:44 +08:00
services.nginx.https: allow custom TLS certificate
This commit is contained in:
parent
59b053886b
commit
b8abc4a326
@ -94,6 +94,7 @@ inputs:
|
|||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
rewriteHttps = mkOption { type = types.bool; default = true; };
|
rewriteHttps = mkOption { type = types.bool; default = true; };
|
||||||
|
tlsCert = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||||
};
|
};
|
||||||
listen = mkOption
|
listen = mkOption
|
||||||
{
|
{
|
||||||
@ -547,7 +548,11 @@ inputs:
|
|||||||
# do not automatically add http2 listen
|
# do not automatically add http2 listen
|
||||||
http2 = false;
|
http2 = false;
|
||||||
onlySSL = true;
|
onlySSL = true;
|
||||||
useACMEHost = site.name;
|
useACMEHost = mkIf (site.value.global.tlsCert == null) site.name;
|
||||||
|
sslCertificate = mkIf (site.value.global.tlsCert != null)
|
||||||
|
"${site.value.global.tlsCert}/fullchain.pem";
|
||||||
|
sslCertificateKey = mkIf (site.value.global.tlsCert != null)
|
||||||
|
"${site.value.global.tlsCert}/privkey.pem";
|
||||||
locations = listToAttrs (map
|
locations = listToAttrs (map
|
||||||
(location:
|
(location:
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user