diff --git a/configs/sputnik/nginx.nix b/configs/sputnik/nginx.nix index 83c7b37..3e6fe25 100644 --- a/configs/sputnik/nginx.nix +++ b/configs/sputnik/nginx.nix @@ -285,44 +285,44 @@ in { }; - "home.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; - extraConfig = '' - proxy_buffering off; - # client certificate - ssl_client_certificate ${}; - # make verification optional, so we can display a 403 message to those - # who fail authentication - ssl_verify_client optional; - ''; - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://pepe.private:8123"; - proxyWebsockets = true; - extraConfig = '' - # if the client-side certificate failed to authenticate, show a 403 - # message to the client - if ($ssl_client_verify != SUCCESS) { - return 403; - } - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - ''; - }; - }; + #"home.ingolf-wagner.de" = { + # listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + # ]; + # extraConfig = '' + # proxy_buffering off; + # # client certificate + # ssl_client_certificate ${}; + # # make verification optional, so we can display a 403 message to those + # # who fail authentication + # ssl_verify_client optional; + # ''; + # forceSSL = true; + # enableACME = true; + # locations."/" = { + # proxyPass = "http://pepe.private:8123"; + # proxyWebsockets = true; + # extraConfig = '' + # # if the client-side certificate failed to authenticate, show a 403 + # # message to the client + # if ($ssl_client_verify != SUCCESS) { + # return 403; + # } + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection $connection_upgrade; + # ''; + # }; + #}; };