mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 04:18:45 +08:00
services.nginx.https: allow custom TLS certificate
This commit is contained in:
parent
59b053886b
commit
b8abc4a326
@ -94,6 +94,7 @@ inputs:
|
||||
default = null;
|
||||
};
|
||||
rewriteHttps = mkOption { type = types.bool; default = true; };
|
||||
tlsCert = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};
|
||||
listen = mkOption
|
||||
{
|
||||
@ -547,7 +548,11 @@ inputs:
|
||||
# do not automatically add http2 listen
|
||||
http2 = false;
|
||||
onlySSL = true;
|
||||
useACMEHost = site.name;
|
||||
useACMEHost = mkIf (site.value.global.tlsCert == null) site.name;
|
||||
sslCertificate = mkIf (site.value.global.tlsCert != null)
|
||||
"${site.value.global.tlsCert}/fullchain.pem";
|
||||
sslCertificateKey = mkIf (site.value.global.tlsCert != null)
|
||||
"${site.value.global.tlsCert}/privkey.pem";
|
||||
locations = listToAttrs (map
|
||||
(location:
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user