I’m trying to follow the NixOS manual to set up hosting. I’m using nixos-unstable and importing this file into my flake setup. The issue is that I can switch into this generation, but when I try to go to mydoma.in from the browser, using http or https, it redirects to https://mydoma.in … which redirects to https://mydoma.in … etc., etc. The same thing occurs for watch.mydoma.in. I’m trying to follow the manual to a T here, and have no clue what I’m doing wrong.
https.nix
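{ ... }: {
  # ACME account settings: terms must be accepted and a contact address given
  # before any certificate can be requested.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "myemail@gmail.com";

  # /var/lib/acme/.challenges must be writable by the ACME user
  # and readable by the Nginx user. The easiest way to achieve
  # this is to add the Nginx user to the ACME group.
  users.users.nginx.extraGroups = [ "acme" ];

  services.nginx = {
    enable = true;
    virtualHosts = {
      "acmechallenge.mydoma.in" = {
        # Catchall vhost, will redirect users to HTTPS for all vhosts.
        # The alias is a wildcard under the same apex as the certificate
        # declared below ("mydoma.in"); the original "*.my.doma.in" did not
        # match any of the hostnames used elsewhere in this file.
        serverAliases = [ "*.mydoma.in" ];
        # Plain-HTTP path the ACME webroot challenge is answered from; it
        # must stay reachable without a redirect or renewals fail.
        locations."/.well-known/acme-challenge" = {
          root = "/var/lib/acme/.challenges";
        };
        # Everything else arriving on port 80 is sent to HTTPS. Note that 301
        # is a permanent redirect and browsers cache it, so clear the cache
        # between test runs.
        locations."/" = {
          return = "301 https://$host$request_uri";
        };
      };
      "mydoma.in" = {
        # forceSSL: port 80 redirects to HTTPS, port 443 serves /var/www.
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www";
      };
      "watch.mydoma.in" = {
        forceSSL = true;
        # Reuse the "mydoma.in" certificate declared below, which lists
        # watch.mydoma.in in extraDomainNames. The original value
        # "my.doma.in" named a certificate that is not declared in this file.
        useACMEHost = "mydoma.in";
        # NOTE(review): the https->https loop reported for this host and the
        # apex is not explained by these vhosts alone — only the port-80 side
        # redirects here. Worth confirming nothing in front of nginx (a proxy
        # or CDN terminating TLS) forwards browser HTTPS to port 80.
        locations."/".proxyPass = "http://localhost:8096";
      };
    };
  };

  security.acme.certs."mydoma.in" = {
    webroot = "/var/lib/acme/.challenges";
    email = "myemail@gmail.com";
    # Ensure that the web server you use can read the generated certs
    # Take a look at the group option for the web server you choose.
    group = "nginx";
    # Since we have a wildcard vhost to handle port 80,
    # we can generate certs for anything!
    # Just make sure your DNS resolves them.
    extraDomainNames = [ "watch.mydoma.in" ];
  };
}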