From 869f85b74e3d4cca2e5dd5bef9df76e9690e1880 Mon Sep 17 00:00:00 2001
From: oqyude
Date: Sat, 13 Sep 2025 13:45:05 +0300
Subject: [PATCH] point
---
 nixosModules/vds/nginx.nix | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/nixosModules/vds/nginx.nix b/nixosModules/vds/nginx.nix
index 1f17e09..2bea183 100755
--- a/nixosModules/vds/nginx.nix
+++ b/nixosModules/vds/nginx.nix
@@ -7,7 +7,12 @@ let
 server = "100.64.0.0";
 in
 {
+ users.users.nginx.extraGroups = [ "acme" ];
 services = {
+ certbot = {
+ enable = true;
+ agreeTerms = true;
+ };
 nginx = {
 enable = true;
 recommendedGzipSettings = true;
@@ -20,16 +25,26 @@ in
 listen = [
 {
 addr = "0.0.0.0";
- port = 8443;
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 443;
 ssl = true;
 }
 ];
- forceSSL = true;
+ #forceSSL = true;
+ addSSL = true;
 enableACME = true;
- locations."/" = {
- proxyPass = "http://${server}:2283"; # Порт Immich
- proxyWebsockets = true; # Если Immich использует WebSockets
+ locations = {
+ "/" = {
+ proxyPass = "http://${server}:2283"; # Порт Immich
+ proxyWebsockets = true; # Если Immich использует WebSockets
+ };
 };
+ # locations."/.well-known/acme-challenge" = {
+ # root = "/var/www/acme/acme-challenge";
+ # };
 };
 # "nextcloud.zeroq.ru" = {
 # addSSL = true;
@@ -73,7 +88,13 @@ in
 };
 security.acme = {
 acceptTerms = true;
- defaults.email = "oqyude@gmail.com";
+ defaults = {
+ email = "oqyude@gmail.com";
+ webroot = "/var/lib/acme/acme-challenge";
+ group = config.services.nginx.group;
+ server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ #listenHTTP = ":1360";
+ };
 # certs."immich.zeroq.ru" = {
 # email = "go.bin043120@gmail.com";
 # dnsProvider = "cloudflare";
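Review bot: In the first hunk (`@@ -7,7 +7,12 @@`), `services.certbot` is switched on while the vhost in the second hunk still sets `enableACME = true` and `security.acme` is configured in the third, so two ACME clients appear to be set up for the same host. Unless something outside this patch consumes certbot's certificates, drop the `certbot = { … };` block and keep a single issuance path. Likewise `users.users.nginx.extraGroups = [ "acme" ];` gives the nginx user access to whatever key material is readable by the `acme` group, and it looks redundant with `group = config.services.nginx.group;` in the third hunk; keep only one of the two.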
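Review bot: In the second hunk (`@@ -20,16 +25,26 @@`), replacing `forceSSL = true;` with `addSSL = true;` and adding a plain listener on port 80 means the Immich proxy under `"/"` is now also served over unencrypted HTTP, so logins and session cookies can cross the network in cleartext. If the goal was to make the HTTP-01 challenge reachable, the NixOS nginx module should, as far as I know, still answer `/.well-known/acme-challenge` on port 80 under `forceSSL` and redirect everything else; please confirm that and restore `forceSSL = true;` in place of `addSSL = true;`. The commented-out `#forceSSL` line and the commented `locations."/.well-known/acme-challenge"` block are better deleted than committed. The vhost's attribute set opens outside the hunk.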
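Review bot: In the third hunk (`@@ -73,7 +88,13 @@`), `defaults.server` points at the Let's Encrypt staging directory, whose certificates browsers do not trust, and because it sits under `defaults` it applies to every certificate on this host. If this is only for testing, mark it with a comment such as `# TODO: staging CA, remove before production`, or drop the line so the production directory is used. `defaults.webroot` likewise becomes the default for all certificates, which would presumably conflict with a DNS-01 certificate like the commented `certs."immich.zeroq.ru"` that uses `dnsProvider`; setting it per certificate would be safer. `group = config.services.nginx.group;` needs `config` in the module arguments, which are outside the hunk.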