forked from CCCHH/nix-infra
Add next.hamburg.ccc.de virtualHost config for hosting the new website
In the future next.hamburg.ccc.de might also be used for hosting website builds of branches or MRs.
This commit is contained in:
parent
567bd65d99
commit
b0995784fc
|
@ -4,5 +4,6 @@
|
|||
imports = [
|
||||
./branding-resources.hamburg.ccc.de.nix
|
||||
./element.hamburg.ccc.de.nix
|
||||
./next.hamburg.ccc.de.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-next.hamburg.ccc.de" = {
|
||||
enableACME = true;
|
||||
serverName = "next.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"next.hamburg.ccc.de" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "next.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
extraParameters = [ "proxy_protocol" ];
|
||||
}
|
||||
];
|
||||
|
||||
root = "/var/www/next.hamburg.ccc.de/";
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
users.users.ccchh-website-deploy = {
|
||||
isNormalUser = true;
|
||||
group = "ccchh-website-deploy";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
|
||||
];
|
||||
};
|
||||
users.groups.ccchh-website-deploy = { };
|
||||
}
|
Loading…
Reference in a new issue