deploy http3
This commit is contained in:
parent
ffee2ace01
commit
388afba8de
8 changed files with 46 additions and 51 deletions
|
@ -10,9 +10,6 @@
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
services.nginx.virtualHosts."api.chir.rs" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = [ "0.0.0.0" "[::]" ];
|
||||
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
||||
locations."/" = {
|
||||
|
|
|
@ -49,9 +49,6 @@
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."git.chir.rs" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = [ "0.0.0.0" "[::]" ];
|
||||
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
||||
locations."/" = {
|
||||
|
|
|
@ -14,9 +14,6 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts.${config.services.grafana.domain} = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
# http3 = true;
|
||||
listenAddresses = listenIPs;
|
||||
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
|
||||
|
|
|
@ -8,8 +8,6 @@ in
|
|||
rootCredentialsFile = "/run/secrets/security/minio/credentials_file";
|
||||
};
|
||||
services.nginx.virtualHosts."minio.int.chir.rs" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = listenIPs;
|
||||
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
|
||||
|
@ -19,8 +17,6 @@ in
|
|||
};
|
||||
};
|
||||
services.nginx.virtualHosts."minio-console.int.chir.rs" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = listenIPs;
|
||||
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
|
||||
|
|
|
@ -1,29 +1,44 @@
|
|||
{ pkgs, ... }: {
|
||||
services.nginx = {
|
||||
additionalModules = [ pkgs.nginxModules.brotli ];
|
||||
clientMaxBodySize = "10g";
|
||||
enable = true;
|
||||
appendHttpConfig = ''
|
||||
brotli on;
|
||||
brotli_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/xml
|
||||
application/xml+rss
|
||||
image/svg+xml
|
||||
text/css
|
||||
text/javascript
|
||||
text/plain
|
||||
text/xml;
|
||||
'';
|
||||
# package = pkgs.nginxQuic;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
resolver.addresses = [ "127.0.0.1" "[::1]" ];
|
||||
sslProtocols = "TLSv1.3";
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
config = {
|
||||
services.nginx = {
|
||||
additionalModules = [ pkgs.nginxModules.brotli ];
|
||||
clientMaxBodySize = "10g";
|
||||
enable = true;
|
||||
appendHttpConfig = ''
|
||||
brotli on;
|
||||
brotli_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/xml
|
||||
application/xml+rss
|
||||
image/svg+xml
|
||||
text/css
|
||||
text/javascript
|
||||
text/plain
|
||||
text/xml;
|
||||
'';
|
||||
package = pkgs.nginxQuic;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
resolver.addresses = [ "127.0.0.1" "[::1]" ];
|
||||
sslProtocols = "TLSv1.3";
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
};
|
||||
|
||||
options.services.nginx.virtualHosts = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.submodule {
|
||||
config.listenAddresses = lib.mkDefault [
|
||||
"0.0.0.0"
|
||||
"[::]"
|
||||
];
|
||||
config.forceSSL = lib.mkDefault true;
|
||||
config.http2 = lib.mkDefault true;
|
||||
config.http3 = lib.mkDefault true;
|
||||
});
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
}
|
||||
|
|
|
@ -14,9 +14,6 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
services.nginx.virtualHosts."darkkirb.de" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = [ "0.0.0.0" "[::]" ];
|
||||
sslCertificate = "/var/lib/acme/darkkirb.de/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/darkkirb.de/key.pem";
|
||||
serverAliases = [ "www.darkkirb.de" ];
|
||||
|
@ -29,9 +26,8 @@ in
|
|||
};
|
||||
};
|
||||
services.nginx.virtualHosts."static.darkkirb.de" = {
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = [ "0.0.0.0" "[::]" ];
|
||||
sslCertificate = "/var/lib/acme/darkkirb.de/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/darkkirb.de/key.pem";
|
||||
locations."/" = {
|
||||
|
|
|
@ -31,9 +31,6 @@
|
|||
}
|
||||
];
|
||||
services.nginx.virtualHosts."mail.chir.rs" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
listenAddresses = [ "0.0.0.0" "[::]" ];
|
||||
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
||||
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
||||
};
|
||||
|
|
|
@ -294,11 +294,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1644379669,
|
||||
"narHash": "sha256-w6/mDLvfG6YeiGsHy2r6gXBBozKJwjpkChIAk3gyR1I=",
|
||||
"lastModified": 1644416136,
|
||||
"narHash": "sha256-Hfoad1e15/LgdsN6G1vPUiOrDgNSYoBTDWrac0EUnx8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "925ae10cc7bbeaba05f0a0da14a001265233dc2e",
|
||||
"rev": "4195163bf9388b999a690c3bcf0763cfeb20b059",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
Loading…
Reference in a new issue