diff --git a/config/hosts/public-web-static/nginx.nix b/config/hosts/public-web-static/nginx.nix index b69e60b..9d0e173 100644 --- a/config/hosts/public-web-static/nginx.nix +++ b/config/hosts/public-web-static/nginx.nix @@ -1,12 +1,7 @@ { ... }: { - services.nginx = { - enable = true; - appendHttpConfig = '' - access_log off; - ''; - }; + services.nginx.enable = true; networking.firewall.allowedTCPPorts = [ 8443 31820 ]; networking.firewall.allowedUDPPorts = [ 8443 ]; diff --git a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix index a6c67f8..d0d01f3 100644 --- a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix @@ -1,17 +1,13 @@ { ... }: let - domain = "cpu.ccc.de"; - dataDir = "/var/www/${domain}"; + # For now under cpuccc.hamburg.ccc.de. + domain = "cpuccc.hamburg.ccc.de"; + # dataDir = "/var/www/${domain}"; + dataDir = "/var/www/cpu.ccc.de"; deployUser = "cpuccc-website-deploy"; in { - security.acme.certs."cpu.ccc.de".extraDomainNames = [ - "cpuccc.hamburg.ccc.de" - "lokal.ccc.de" - "local.ccc.de" - ]; - services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; @@ -74,35 +70,6 @@ in ''; }; }; - - "cpuccc.hamburg.ccc.de" = { - forceSSL = true; - useACMEHost = "cpu.ccc.de"; - serverAliases = [ - "lokal.ccc.de" - "local.ccc.de" - ]; - - listen = [{ - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - }]; - - locations."/".return = "302 https://cpu.ccc.de"; - - extraConfig = '' - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - ''; - }; }; systemd.tmpfiles.rules = [