add nginx proxy on FELONYSPORK with ACME certs

2 years ago · 60484492fd
1 changed files with 27 additions and 2 deletions
--- a/hosts/felonyspork/configuration.nix
+++ b/hosts/felonyspork/configuration.nix
@ -59,13 +59,38 @@
  # NGINX webserver and ACME certs
  services.nginx = {
    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
    virtualHosts."home.nora.codes" = {
+      addSSL = true;
+      enableACME = true;
      root = "/var/www/home.nora.codes";
    };
-    virtualHosts."test.home.nora.codes" = {
-      root = "/var/www/home.nora.codes";
+    virtualHosts."bluemap.home.nora.codes" = {
+      addSSL = true;
+      useACMEHost = "home.nora.codes";
+      locations."/" = {
+        proxyPass = "http://crimespoon.local:8100";
+        proxyWebsockets = true;
+      };
+    };
+    virtualHosts."felonyspork.local" = {
+      locations."/" = {
+        root = "/var/www/home.nora.codes";
+      };
+      locations."/blue" = {
+        proxyPass = "http://crimespoon.local:8100";
+        proxyWebsockets = true;
+      };
    };
  };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "nora+acme@nora.codes";
+    certs."home.nora.codes".extraDomainNames = [
+      "bluemap.home.nora.codes"
+    ];
+  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # This value determines the NixOS release from which the default