listen for ssl connections to reject

2024-10-10 01:43:48 -04:00 · 2024-10-10 01:43:48 -04:00 · 6bb66f3e21
commit 6bb66f3e21
parent 17aa3246df
1 changed files with 35 additions and 46 deletions
--- a/ogdo.nix
+++ b/ogdo.nix
@ -4,7 +4,7 @@
    enable = true;

    # ꙮ.run
-    virtualHosts."xn--xx8a.run" = {
+    virtualHosts = let
      listen = [
        {
          addr = "0.0.0.0";
@ -15,9 +15,21 @@
          addr = "[::]";
        }
        # deliberately avoid listening with https
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+        {
+          port = 443;
+          ssl = true;
+          addr = "[::]";
+        }
      ];
-
      rejectSSL = true;
+    in {
+      "xn--xx8a.run" = {
+        inherit listen rejectSSL;
        root = "/srv/ogdo";

        extraConfig = ''
@ -36,38 +48,15 @@
        };
      };

-    virtualHosts."ogdo.run" = {
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 80;
-        }
-        {
-          port = 80;
-          addr = "[::]";
-        }
-      ];
-
-      rejectSSL = true;
-
+      "ogdo.run" = {
+        inherit listen rejectSSL;
        locations."/".return = "301 http://xn--xx8a.run$request_uri";
      };

-    virtualHosts."ꙮ.run" = {
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 80;
-        }
-        {
-          port = 80;
-          addr = "[::]";
-        }
-      ];
-
-      rejectSSL = true;
-
+      "ꙮ.run" = {
+        inherit listen rejectSSL;
        locations."/".return = "301 http://ogdo.run$request_uri";
      };
    };
+  };
 }