authorCollin J. Doering2024-05-31 10:19:07 -0400
committerCollin J. Doering2024-05-31 10:19:07 -0400
commitbf8119a027a680c3f05714cbd2d38ed5c365f496 (patch)
treefea9bebeeec36eda71207513b6de7c9629e39a7b /.guix/guix-na
parent80570af8dd0176ac301e5be48aeefed8789c5856 (diff)
downloadguix-north-america-bf8119a027a680c3f05714cbd2d38ed5c365f496.tar.gz
balg02: Re-enable https (that was disabled in 4230616)
- https was initially disabled because nginx failed to start due to a missing certificate - Worth noting that the dhparams were manually generated on balg02
Diffstat (limited to '.guix/guix-na')
-rw-r--r--.guix/guix-na/config/balg02.scm38
1 files changed, 19 insertions, 19 deletions
diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
index 7945465..371f514 100644
--- a/.guix/guix-na/config/balg02.scm
+++ b/.guix/guix-na/config/balg02.scm
@@ -225,7 +225,6 @@ PUBLISH-URL."
"ssl_ciphers HIGH:!aNULL:!MD5;"
"ssl_prefer_server_ciphers on;"
- ;; TODO: these need to be generated
;; Use our own DH parameters created with:
;; openssl dhparam -out dhparams.pem 2048
;; as suggested at <https://weakdh.org/sysadmin.html>.
@@ -306,24 +305,25 @@ synonymous IETF language tags that should be mapped to the same $lang."
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")))
;; HTTPS servers
- ;; (nginx-server-configuration
- ;; (listen '("443 ssl"))
- ;; (server-name '("cuirass.genenetwork.org"))
- ;; (ssl-certificate (le "cuirass.genenetwork.org"))
- ;; (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
- ;; (locations (balg02-locations %publish-url))
- ;; (raw-content
- ;; (append
- ;; %tls-settings
- ;; (list
- ;; "access_log /var/run/nginx/https.access.log;"
- ;; "proxy_set_header X-Forwarded-Host $host;"
- ;; "proxy_set_header X-Forwarded-Port $server_port;"
- ;; "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
- ;; ;; For Cuirass admin interface authentication
- ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
- ;; "ssl_verify_client optional;"))))
- ))
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name '("cuirass.genenetwork.org"))
+ (ssl-certificate (le "cuirass.genenetwork.org"))
+ (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
+ (locations (balg02-locations %publish-url))
+ (raw-content
+ (append
+ %tls-settings
+ (list
+ "access_log /var/run/nginx/https.access.log;"
+ "proxy_set_header X-Forwarded-Host $host;"
+ "proxy_set_header X-Forwarded-Port $server_port;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ ;; TODO:
+ ;; For Cuirass admin interface authentication
+ ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+ ;; "ssl_verify_client optional;"
+ ))))))
(define %extra-content
(list
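Review bot: The re-enabled HTTPS server drops the two client-certificate directives the old block carried: `ssl_client_certificate` and `ssl_verify_client optional` are now commented out under a bare `;; TODO:` at the end of the `raw-content` list. The comment says they authenticate the Cuirass admin interface, so whether admin routes are now refused or left open depends on how `balg02-locations` gates them, which is outside this hunk. Please confirm those routes fail closed when `$ssl_client_verify` is not `SUCCESS`. The TODO should also say what blocks it; if the CA file is simply not on the host yet, something like `;; TODO: re-enable once the CA certificate is provisioned at /etc/ssl-ca/certs/ca.crt; admin routes must stay denied until then`. The enclosing list of server configurations starts before the hunk.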