feat: ssl for pre-nextcloud

DACHXY 2025-05-03 23:48:14 +08:00
parent 5206893dcd
commit 62c1eb4b1d


@ -2,8 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
settings,
devices,
... ...
}: }:
let let
@ -12,7 +10,7 @@ let
certScript = pkgs.writeShellScriptBin "certbot-nextcloud" '' certScript = pkgs.writeShellScriptBin "certbot-nextcloud" ''
${pkgs.certbot}/bin/certbot certonly --webroot \ ${pkgs.certbot}/bin/certbot certonly --webroot \
--webroot-path ${acmeWebRoot} -v \ --webroot-path ${acmeWebRoot} -v \
-d ${config.services.neextcloud.hostName} \ -d ${config.services.nextcloud.hostName} \
--server https://ca.net.dn:8443/acme/acme/directory \ --server https://ca.net.dn:8443/acme/acme/directory \
-m admin@mail.net.dn -m admin@mail.net.dn
@ -63,7 +61,7 @@ in
''; '';
}; };
pre7780Hostname = { ${pre7780.hostname} = {
listen = [ listen = [
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
@ -93,6 +91,10 @@ in
''; '';
}; };
forceSSL = true;
sslCertificate = "/etc/letsencrypt/live/${pre7780.hostname}/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/${pre7780.hostname}/privkey.pem";
extraConfig = '' extraConfig = ''
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384'; ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';