-rw-r--r-- | .guix/guix-na/config/balg02.scm | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
index 7945465..371f514 100644
--- a/.guix/guix-na/config/balg02.scm
+++ b/.guix/guix-na/config/balg02.scm
@@ -225,7 +225,6 @@ PUBLISH-URL."
 "ssl_ciphers HIGH:!aNULL:!MD5;"
 "ssl_prefer_server_ciphers on;"
- ;; TODO: these need to be generated
 ;; Use our own DH parameters created with:
 ;; openssl dhparam -out dhparams.pem 2048
 ;; as suggested at <https://weakdh.org/sysadmin.html>.
@@ -306,24 +305,25 @@ synonymous IETF language tags that should be mapped to the same $lang."
 "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")))
 ;; HTTPS servers
- ;; (nginx-server-configuration
- ;; (listen '("443 ssl"))
- ;; (server-name '("cuirass.genenetwork.org"))
- ;; (ssl-certificate (le "cuirass.genenetwork.org"))
- ;; (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
- ;; (locations (balg02-locations %publish-url))
- ;; (raw-content
- ;; (append
- ;; %tls-settings
- ;; (list
- ;; "access_log /var/run/nginx/https.access.log;"
- ;; "proxy_set_header X-Forwarded-Host $host;"
- ;; "proxy_set_header X-Forwarded-Port $server_port;"
- ;; "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
- ;; ;; For Cuirass admin interface authentication
- ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
- ;; "ssl_verify_client optional;"))))
- ))
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name '("cuirass.genenetwork.org"))
+ (ssl-certificate (le "cuirass.genenetwork.org"))
+ (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
+ (locations (balg02-locations %publish-url))
+ (raw-content
+ (append
+ %tls-settings
+ (list
+ "access_log /var/run/nginx/https.access.log;"
+ "proxy_set_header X-Forwarded-Host $host;"
+ "proxy_set_header X-Forwarded-Port $server_port;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ ;; TODO:
+ ;; For Cuirass admin interface authentication
+ ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+ ;; "ssl_verify_client optional;"
+ ))))))
 (define %extra-content
 (list |
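Review bot: The re-enabled `443 ssl` server block for cuirass.genenetwork.org still has `ssl_client_certificate` and `ssl_verify_client optional;` commented out under a bare `;; TODO:`. The vhost therefore goes live without the client-certificate check that the comment calls the Cuirass admin interface authentication. Whether the admin routes are reachable without authentication depends on `balg02-locations`, which is defined outside this hunk. If those locations test `$ssl_client_verify`, they would presumably fail closed while verification is off, but that should be confirmed before deployment. I would also make the TODO say what is pending, for example `;; TODO: re-enable client-certificate verification; admin locations must keep denying requests until then`.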