I’m trying to setup a local binary cache behind a SSL terminating nginx reverse proxy.
The certificate was signed by my root certificate and works just fine with curl.
curl -vI https://cache.my-server.lan
yields SSL certificate verify ok.
The root certificate is added to my system with security.pki.certificates
.
The certificate is also referenced as Environment="CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
in nix-daemon.service
(also I don’t know how relevant/needed that is: nix-daemon: remove `CURL_CA_BUNDLE` from sevice by nrdxp · Pull Request #178350 · NixOS/nixpkgs · GitHub)
Is there some issue with nix
accessing a different ca-bundle?
Or is it a configuration issue on my end?