use single ACME certificate

This commit is contained in:
Sebastien Bourdeauducq 2019-04-01 19:47:47 +08:00
parent b2b17779f7
commit 7e3a95f280

View File

@ -132,33 +132,44 @@ ACTION=="add", SUBSYSTEM=="tty", \
siteUrl = "https://chat.m-labs.hk/"; siteUrl = "https://chat.m-labs.hk/";
}; };
security.acme.certs = {
"nixbld.m-labs.hk" = {
webroot = "/var/lib/acme/acme-challenge";
extraDomains = {
"buildbot.m-labs.hk" = null;
"lab.m-labs.hk" = null;
"git.m-labs.hk" = null;
"chat.m-labs.hk" = null;
};
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"buildbot.m-labs.hk" = { "buildbot.m-labs.hk" = {
addSSL = true; addSSL = true;
enableACME = true; useACMEHost = "nixbld.m-labs.hk";
locations."/".proxyPass = "http://192.168.1.100"; locations."/".proxyPass = "http://192.168.1.100";
}; };
"lab.m-labs.hk" = { "lab.m-labs.hk" = {
addSSL = true; addSSL = true;
enableACME = true; useACMEHost = "nixbld.m-labs.hk";
locations."/".proxyPass = "http://192.168.1.100"; locations."/".proxyPass = "http://192.168.1.100";
}; };
"nixbld.m-labs.hk" = { "nixbld.m-labs.hk" = {
forceSSL = true; forceSSL = true;
enableACME = true; useACMEHost = "nixbld.m-labs.hk";
locations."/".proxyPass = "http://127.0.0.1:3000"; locations."/".proxyPass = "http://127.0.0.1:3000";
}; };
"git.m-labs.hk" = { "git.m-labs.hk" = {
forceSSL = true; forceSSL = true;
enableACME = true; useACMEHost = "nixbld.m-labs.hk";
locations."/".proxyPass = "http://127.0.0.1:3001"; locations."/".proxyPass = "http://127.0.0.1:3001";
}; };
"chat.m-labs.hk" = { "chat.m-labs.hk" = {
forceSSL = true; forceSSL = true;
enableACME = true; useACMEHost = "nixbld.m-labs.hk";
locations."/".proxyPass = "http://127.0.0.1:8065"; locations."/".proxyPass = "http://127.0.0.1:8065";
}; };
}; };