genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 17:37:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enable HTTPS for genebean.me with Let's Encrypt HTTP-01 challenge

Browse source 
- Configure ACME with HTTP-01 challenge for Let's Encrypt cert
- Add manual proxy config for Plausible analytics (stats.technicalissues.us)
- Fix issue where recommendedProxySettings caused upstream redirect by
  explicitly setting Host header to stats.technicalissues.us instead of
  passing the genebean.me host
This commit is contained in:
Gene Liverman 2025-11-07 07:56:21 -05:00
parent 53b3e34549
commit 31c669d7eb
1 changed files with 30 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

46
modules/hosts/nixos/hetznix02/post-install/nginx.nix
View file

@ -1,8 +1,6 @@
{ config, pkgs, ... }: let { pkgs, ... }: let
domain = "genebean.me"; domain = "genebean.me";
http_port = 80;
https_port = 443;
in { in {
environment.etc.nginx-littlelinks = { environment.etc.nginx-littlelinks = {
# Info generated via # Info generated via
@ -10,16 +8,14 @@ in {
source = pkgs.fetchFromGitHub { source = pkgs.fetchFromGitHub {
owner = "genebean"; owner = "genebean";
repo = "littlelink"; repo = "littlelink";
rev = "genebean-1.0.1"; rev = "genebean-1.0.2";
hash = "sha256-r7cvcKdlivQ2MA1UhypwdJrg7CREzTZE5fiNA9AWY/0="; hash = "sha256-Fr1Qt/YaXNoDI4WHUuI2s852ENte8GjOmJrtEpq/SfY=";
}; };
}; };
security.acme.certs."${domain}" = { security.acme.certs."${domain}" = {
email = "lets-encrypt@technicalissues.us"; email = "lets-encrypt@technicalissues.us";
inheritDefaults = false; inheritDefaults = false;
listenHTTP = ":80";
# uncomment below for testing
# server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
}; };
@ -28,7 +24,7 @@ in {
recommendedBrotliSettings = true; recommendedBrotliSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; #recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
appendHttpConfig = '' appendHttpConfig = ''
# Add HSTS header with preloading to HTTPS requests. # Add HSTS header with preloading to HTTPS requests.
@ -45,12 +41,9 @@ in {
]; ];
default = true; default = true;
enableACME = true; enableACME = true;
acmeRoot = null;
forceSSL = true; forceSSL = true;
root = "/etc/nginx-littlelinks";
locations = { locations = {
"/" = {
root = "/etc/nginx-littlelinks";
};
"/.well-known/lnurlp/genebean" = { "/.well-known/lnurlp/genebean" = {
return = '' return = ''
200 '{"status":"OK","tag":"payRequest","commentAllowed":255,"callback":"https://getalby.com/lnurlp/genebean/callback","metadata":"[[\\"text/identifier\\",\\"genebean@getalby.com\\"],[\\"text/plain\\",\\"Sats for GeneBean\\"]]","minSendable":1000,"maxSendable":10000000000,"payerData":{"name":{"mandatory":false},"email":{"mandatory":false},"pubkey":{"mandatory":false}},"nostrPubkey":"79f00d3f5a19ec806189fcab03c1be4ff81d18ee4f653c88fac41fe03570f432","allowsNostr":true}' 200 '{"status":"OK","tag":"payRequest","commentAllowed":255,"callback":"https://getalby.com/lnurlp/genebean/callback","metadata":"[[\\"text/identifier\\",\\"genebean@getalby.com\\"],[\\"text/plain\\",\\"Sats for GeneBean\\"]]","minSendable":1000,"maxSendable":10000000000,"payerData":{"name":{"mandatory":false},"email":{"mandatory":false},"pubkey":{"mandatory":false}},"nostrPubkey":"79f00d3f5a19ec806189fcab03c1be4ff81d18ee4f653c88fac41fe03570f432","allowsNostr":true}'
@ -73,14 +66,28 @@ in {
}; };
"/api/event" = { "/api/event" = {
proxyPass = "https://stats.technicalissues.us/api/event"; proxyPass = "https://stats.technicalissues.us/api/event";
proxyWebsockets = true; extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host stats.technicalissues.us;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
'';
}; };
"/github" = { "/github" = {
return = "301 https://github.com/genebean"; return = "301 https://github.com/genebean";
}; };
"/js/script.outbound-links.js" = { "/js/script.hash.outbound-links.js" = {
proxyPass = "https://stats.technicalissues.us/js/script.outbound-links.js"; proxyPass = "https://stats.technicalissues.us/js/script.hash.outbound-links.js";
proxyWebsockets = true; extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host stats.technicalissues.us;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
'';
}; };
"/mastodon" = { "/mastodon" = {
return = "302 https://fosstodon.org/@genebean"; return = "302 https://fosstodon.org/@genebean";
@ -88,6 +95,13 @@ in {
"/nostr" = { "/nostr" = {
return = "302 https://primal.net/p/npub1mwsk3ly4lk7efdqqjm62dkc699kqapwyyvdley3xljjm0lxruh9qzvu46p"; return = "302 https://primal.net/p/npub1mwsk3ly4lk7efdqqjm62dkc699kqapwyyvdley3xljjm0lxruh9qzvu46p";
}; };
"/server_status" = {
extraConfig = ''
stub_status;
allow 127.0.0.1;
deny all;
'';
};
}; };
}; # end bare domain }; # end bare domain
}; # end virtualHosts }; # end virtualHosts