Hello,
I need to implement mutual TLS.
I also need to have simple TLS for my frontend based at ‘/’.
I found this code for nginx that allows this use case, but I can’t see how to script it in NixOS.
Especially the ‘if’ part and the conditioning on the location.
```nginx
server {
    listen 443 ssl;
    server_name "myserver.net";
    ssl_certificate server.crt;
    ssl_certificate_key server.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    # CA used to verify client certificates
    ssl_client_certificate /etc/nixos/client_certs/ca.crt;
    # Request a client certificate but do not require it at the handshake
    ssl_verify_client optional;
    # ...
    location /api {
        # Reject requests that did not present a verified client certificate
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8761;
        # ...
    }
    location / {
        root /www/data;
        # ...
    }
}
```
My current configuration has 1 virtual host and several locations served on port 443.
```nix
nginx = {
  enable = true;
  virtualHosts.${config.networking.hostName} = {
    forceSSL = true;
    sslCertificate = "/etc/nixos/certs/example.com.crt";
    sslCertificateKey = "/etc/nixos/certs/example.com.key";
    locations."api" = {
      # ....
    };
  };
};
```
Thanks for the help
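
One way to express the nginx configuration above with the NixOS `services.nginx` module, as an added example that is not part of the original post. It assumes the paths and backend address quoted in the post and uses the module's `extraConfig` options at the virtual host and location level to carry the directives that have no dedicated option, including the `if` block.

```nix
{ config, ... }:
{
  services.nginx = {
    enable = true;
    virtualHosts.${config.networking.hostName} = {
      forceSSL = true;
      sslCertificate = "/etc/nixos/certs/example.com.crt";
      sslCertificateKey = "/etc/nixos/certs/example.com.key";

      # Server-level directives: the client certificate is requested but
      # not required, so "/" stays reachable with plain server-side TLS.
      extraConfig = ''
        ssl_client_certificate /etc/nixos/client_certs/ca.crt;
        ssl_verify_client optional;
      '';

      # Mutual TLS is enforced per location: anything other than a
      # verified client certificate is rejected before proxying.
      locations."/api" = {
        proxyPass = "http://127.0.0.1:8761";
        extraConfig = ''
          if ($ssl_client_verify != SUCCESS) {
            return 403;
          }
        '';
      };

      # Frontend served with server-side TLS only.
      locations."/" = {
        root = "/www/data";
      };
    };
  };
}
```

With `ssl_verify_client optional`, `$ssl_client_verify` is `NONE` when no certificate is sent and `FAILED:<reason>` when validation fails, so the `!= SUCCESS` test returns 403 in both cases.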