Comments (5)
qknight
commented on June 23, 2024
@erictapen can you please post your nixcloud.TLS.certs configuration.
BIG WARNING
nixcloud.TLS was designed to be used with nixcloud.reverse-proxy and you clearly don't use it as you are using services.nginx on port 80. by definition your services.nginx service has to handle the ACME requests BUT it will only do that if you configure vhost.enableACME || vhost.useACMEHost != null as pointed out here https://github.com/NixOS/nixpkgs/blob/release-18.03/nixos/modules/services/web-servers/nginx/default.nix#L180
BUT maybe you can also use nixcloud.TLS with services.nginx running on port 80 (not using nixcloud.reverse-proxy), we could try this:
-
readd
enableACME = true;to your config and see https://github.com/NixOS/nixpkgs/blob/release-18.03/nixos/modules/services/web-servers/nginx/default.nix#L181 -
your generated nginx config must contain the
.well-knownfor the respective domain.systemctl cat nginx.servicefrom there search the config file and check if it contains the string
.well-known -
then reissue the acme certificate target (should be reexecuted after
nixos-rebuild switchevery time you make changes)you can restart it manually using:
systemctl restart acme-erictapen.de-ACME.service
please report your results. i'm curious!
how to configure nixcloud.TLS
should be like this:
nixcloud.TLS.certs = {
"erictapen.de-ACME" = {
domain = "erictapen.de";
};
};
from nixcloud-webservices.
qknight
commented on June 23, 2024
update: https://github.com/NixOS/nixpkgs/blob/release-18.03/nixos/modules/services/web-servers/nginx/default.nix#L592 is also exporting security.acme.certs which should contradict the nixcloud.TLS settings as they probably won't merge.
without major rewrites you won't be able to use services.nginx with nixcloud.TLS
that said, you can always hack your nginx.config manually by using https://nixos.org/nixos/options.html#services.nginx.config
and then it will be possible ... but not easy.
from nixcloud-webservices.
qknight
commented on June 23, 2024
@aszlig this is one reason we need the stateful nginx backend feature, so ppl can just migrate to nixcloud-webservices without much change at first...
from nixcloud-webservices.
erictapen
commented on June 23, 2024
Oh no, then I completely misunderstood the module, sorry. Will have a look at nixcloud.reverse-proxy asap...
from nixcloud-webservices.
qknight
commented on June 23, 2024
i'll be updating the documentation ASAP. seems nixcloud.TLS breaks other assumptions as well.
from nixcloud-webservices.
Related Issues (20)
- nixcloud-webservices 18.09 doesn't seem to enforce nixos/nixpkgs 18.09 HOT 1
- Permission error certificate TLS-acmeSupplied HOT 4
- $service-$name-apache.service is started, despite failing $service-$name-webserver-init.service
- STARTTLS encryption on managesieve cannot be enabled anymore HOT 4
- Domain hydra.nixcloud.io has no dns record HOT 1
- Import with fetchFromGitHub HOT 1
- Document and test email aliases HOT 2
- Configure addition reverse-proxy options with static-darkhttpd
- Missing submodules in Nixos HOT 4
- nixos-19.09: directories test fails
- nixos-19.09: containers test fails HOT 1
- nixcloud.TLS fails in nixos-19.09 HOT 2
- 20.09: loaOf in users.users and users.groups makes nixcloud-webservices throw an error HOT 2
- 20.09: missing /var/{cache,log}/nginx directories prevent nixcloud.reverse-proxy to start HOT 2
- 20.09: preliminary self-signed certificates fail to generate HOT 5
- documentation: add remote repo inclusion recipe (as preferred installation method?)
- webmail not working (on 20.09)
- rspamd not working (on 20.09) due to option users.users error HOT 1
- Infinite recursion on nixos 21.05 HOT 3
- NOTICE: nixcloud-webservices is unmaintained
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nixcloud-webservices.