rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(nginx): prevent other subdomains from being acccessed

Browse source
This commit is contained in:
Mohammad Rafiq 2025-06-11 20:57:53 +08:00
parent 97746093ed
commit e4b260ada1
No known key found for this signature in database
1 changed files with 20 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

31
modules/nixos/server/web-servers/default.nix
View file

@ -1,6 +1,18 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.server.web-servers; cfg = config.server.web-servers;
proxyPasses = builtins.listToAttrs (
builtins.map (proxy: {
name = proxy.source;
value = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = proxy.target;
} // proxy.extraConfig;
};
}) cfg.nginx.proxies
);
in in
{ {
options.server.web-servers = { options.server.web-servers = {
@ -45,18 +57,15 @@ in
]; ];
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = builtins.listToAttrs ( virtualHosts = {
builtins.map (proxy: { "_" = {
name = proxy.source; default = true;
value = { rejectSSL = true;
forceSSL = true; locations."/" = {
enableACME = true; return = "444";
locations."/" = {
proxyPass = proxy.target;
} // proxy.extraConfig;
}; };
}) cfg.nginx.proxies };
); } // proxyPasses;
}; };
}) })
]; ];