# NixOS module: enables nginx and configures the virtual host named after
# services.nextcloud.hostName to be served over TLS with a fixed certificate,
# key and protocol/cipher policy.
{
  config,
  lib,
  ...
}:
let
  # The vhost key is whatever host name the Nextcloud service is configured with.
  nextcloudHost = config.services.nextcloud.hostName;

  # One certificate file is used both as the served certificate and as the
  # trusted-certificate file.
  certFile = "/var/lib/acme/net.dn.crt";

  # NOTE(review): file ownership/mode of the private key is not set in this
  # module; confirm it is readable only by the account nginx runs as.
  keyFile = "/var/lib/acme/net.dn.key";
in
{
  services.nginx.enable = true;

  services.nginx.virtualHosts.${nextcloudHost} = {
    # mkForce makes this the only listen list for the vhost, overriding
    # definitions made elsewhere at normal priority. The single entry is
    # IPv4-only (all interfaces), port 443, TLS; no IPv6 or plain-HTTP
    # listener is declared here.
    listen = lib.mkForce [
      {
        addr = "0.0.0.0";
        port = 443;
        ssl = true;
      }
    ];

    # NOTE(review): forceSSL requests an HTTP -> HTTPS redirect, but the forced
    # listen list above has no non-TLS entry; check the generated nginx.conf to
    # see where (or whether) the redirect server actually listens.
    forceSSL = true;

    sslCertificate = certFile;
    sslCertificateKey = keyFile;

    # NOTE(review): same file as sslCertificate. nginx uses
    # ssl_trusted_certificate as the CA set for verifying OCSP responses and
    # client certificates, so confirm this file carries the issuer chain.
    sslTrustedCertificate = certFile;

    # Per-vhost TLS policy: TLS 1.2 and 1.3 only, ECDHE key exchange with
    # AES-GCM suites, server-side cipher ordering.
    # NOTE(review): the two TLS_AES_* names are TLS 1.3 suite names. nginx's
    # ssl_ciphers configures TLS 1.2 and below, so these entries most likely
    # have no effect and the TLS 1.3 suites stay at the OpenSSL default;
    # `ssl_conf_command Ciphersuites` is the directive that controls them.
    extraConfig = ''
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
      ssl_prefer_server_ciphers on;
    '';
  };
}