1
0
Fork 0

force ssl for home assistant only if ssl is enabled

This commit is contained in:
ibizaman 2023-11-17 22:51:35 -08:00 committed by Pierre Penninckx
parent 39c2c943a1
commit 8d08c5b7c0
3 changed files with 9 additions and 9 deletions

View file

@ -144,10 +144,10 @@ in
};
services.nginx.virtualHosts."${fqdn}" = {
forceSSL = true;
forceSSL = lib.mkIf config.shb.ssl.enable true;
http2 = true;
sslCertificate = "/var/lib/acme/${cfg.domain}/cert.pem";
sslCertificateKey = "/var/lib/acme/${cfg.domain}/key.pem";
sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem";
sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem";
extraConfig = ''
proxy_buffering off;
'';

View file

@ -73,9 +73,9 @@ in
enable = true;
virtualHosts.${fqdn} = {
forceSSL = true;
sslCertificate = "/var/lib/acme/${cfg.domain}/cert.pem";
sslCertificateKey = "/var/lib/acme/${cfg.domain}/key.pem";
forceSSL = lib.mkIf config.shb.ssl.enable true;
sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem";
sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem";
locations."/" = {
extraConfig = ''
proxy_set_header Host $host;

View file

@ -99,9 +99,9 @@ in
let
vhostCfg = c: {
${fqdn c} = {
forceSSL = true;
sslCertificate = "/var/lib/acme/${c.domain}/cert.pem";
sslCertificateKey = "/var/lib/acme/${c.domain}/key.pem";
forceSSL = lib.mkIf config.shb.ssl.enable true;
sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${c.domain}/cert.pem";
sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${c.domain}/key.pem";
# Taken from https://github.com/authelia/authelia/issues/178
locations."/".extraConfig = ''