extend withWww to philippeterson.com and coldairnetworks.com; drop fbksdigital
- philippeterson.com and coldairnetworks.com now use withWww, fixing the same www.* cert-mismatch problem that affected pdxdestiny.com - fbksdigital.com vhost removed (disabled for now) - ACME cyclic dependency list updated accordingly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
2624efbde8
commit
6e15ad142d
2 changed files with 67 additions and 105 deletions
|
|
@ -375,15 +375,15 @@ in {
|
|||
systemd.services.nginx.after = lib.mkForce [
|
||||
"network.target"
|
||||
"acme-selfsigned-coldairnetworks.com.service"
|
||||
"acme-selfsigned-fbksdigital.com.service"
|
||||
"acme-selfsigned-www.coldairnetworks.com.service"
|
||||
"acme-selfsigned-forge.quinefoundation.com.service"
|
||||
"acme-selfsigned-hyper.quineglobal.com.service"
|
||||
"acme-selfsigned-pdxdestiny.com.service"
|
||||
"acme-selfsigned-www.pdxdestiny.com.service"
|
||||
"acme-selfsigned-philippeterson.com.service"
|
||||
"acme-selfsigned-www.philippeterson.com.service"
|
||||
"acme-selfsigned-riverside.coldairnetworks.com.service"
|
||||
"acme-selfsigned-vnc.quinefoundation.com.service"
|
||||
"acme-selfsigned-webdav.philippeterson.com.service"
|
||||
"acme-selfsigned-www.philippeterson.com.service"
|
||||
];
|
||||
}
|
||||
|
|
|
|||
168
nixos/nginx.nix
168
nixos/nginx.nix
|
|
@ -41,109 +41,6 @@
|
|||
};
|
||||
|
||||
|
||||
"fbksdigital.com" = {
|
||||
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
|
||||
forceSSL = false; # Redirect HTTP to HTTPS?
|
||||
addSSL = true;
|
||||
|
||||
root = "/dev/null";
|
||||
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
return 301 http://fbksdigital.lpages.co/fbksdigital/;
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
"www.philippeterson.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
return 301 https://philippeterson.com$request_uri;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"philippeterson.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
|
||||
root = "/etc/pullomatic/com_philippeterson";
|
||||
|
||||
locations."~ /.git(/.*)$ " = {
|
||||
extraConfig = ''
|
||||
deny all;
|
||||
return 404;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/games/atcsim" = {
|
||||
extraConfig = ''
|
||||
return 301 /games/atcsim/;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
|
||||
extraConfig = ''
|
||||
index index.html index.htm;
|
||||
rewrite ^/games/atcsim/?$ "/index.html" break;
|
||||
rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
|
||||
root /etc/pullomatic/atcsim;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/portfolio" = {
|
||||
extraConfig = ''
|
||||
return 301 /portfolio/;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."~ ^/portfolio/" = {
|
||||
extraConfig = ''
|
||||
index index.html index.htm;
|
||||
rewrite ^/portfolio/?$ "/index.html" break;
|
||||
rewrite ^/portfolio(?<query>(/[^/\\s]*)*)$ "$query" break;
|
||||
root /etc/pullomatic/my-portfolio;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
|
||||
extraConfig = ''
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "$query";
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
try_files $uri $uri.php $uri/ =404;
|
||||
index index.php index.html index.htm;
|
||||
rewrite ^/contact$ /contact.php last;
|
||||
rewrite ^/resume$ /resume.php last;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."~ \.php$" = {
|
||||
extraConfig = ''
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
|
||||
'';
|
||||
};
|
||||
};
|
||||
"coldairnetworks.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3012/";
|
||||
};
|
||||
};
|
||||
|
||||
"blog.quineglobal.com" = {
|
||||
enableACME = false;
|
||||
|
|
@ -271,6 +168,71 @@
|
|||
forceSSL = false;
|
||||
addSSL = true;
|
||||
root = pdxDestinyRoot;
|
||||
}) // (withWww "philippeterson.com" {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
root = "/etc/pullomatic/com_philippeterson";
|
||||
locations."~ /.git(/.*)$ " = {
|
||||
extraConfig = ''
|
||||
deny all;
|
||||
return 404;
|
||||
'';
|
||||
};
|
||||
locations."/games/atcsim" = {
|
||||
extraConfig = ''
|
||||
return 301 /games/atcsim/;
|
||||
'';
|
||||
};
|
||||
locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
|
||||
extraConfig = ''
|
||||
index index.html index.htm;
|
||||
rewrite ^/games/atcsim/?$ "/index.html" break;
|
||||
rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
|
||||
root /etc/pullomatic/atcsim;
|
||||
'';
|
||||
};
|
||||
locations."/portfolio" = {
|
||||
extraConfig = ''
|
||||
return 301 /portfolio/;
|
||||
'';
|
||||
};
|
||||
locations."~ ^/portfolio/" = {
|
||||
extraConfig = ''
|
||||
index index.html index.htm;
|
||||
rewrite ^/portfolio/?$ "/index.html" break;
|
||||
rewrite ^/portfolio(?<query>(/[^/\\s]*)*)$ "$query" break;
|
||||
root /etc/pullomatic/my-portfolio;
|
||||
'';
|
||||
};
|
||||
locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
|
||||
extraConfig = ''
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "$query";
|
||||
'';
|
||||
};
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
try_files $uri $uri.php $uri/ =404;
|
||||
index index.php index.html index.htm;
|
||||
rewrite ^/contact$ /contact.php last;
|
||||
rewrite ^/resume$ /resume.php last;
|
||||
'';
|
||||
};
|
||||
locations."~ \.php$" = {
|
||||
extraConfig = ''
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
|
||||
'';
|
||||
};
|
||||
}) // (withWww "coldairnetworks.com" {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3012/";
|
||||
};
|
||||
});
|
||||
|
||||
# Optionally configure additional options
|
||||
|
|
|
|||
Loading…
Reference in a new issue