aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.guix/guix-na/config/balg02.scm38
1 files changed, 19 insertions, 19 deletions
diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
index 7945465..371f514 100644
--- a/.guix/guix-na/config/balg02.scm
+++ b/.guix/guix-na/config/balg02.scm
@@ -225,7 +225,6 @@ PUBLISH-URL."
"ssl_ciphers HIGH:!aNULL:!MD5;"
"ssl_prefer_server_ciphers on;"
- ;; TODO: these need to be generated
;; Use our own DH parameters created with:
;; openssl dhparam -out dhparams.pem 2048
;; as suggested at <https://weakdh.org/sysadmin.html>.
@@ -306,24 +305,25 @@ synonymous IETF language tags that should be mapped to the same $lang."
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")))
;; HTTPS servers
- ;; (nginx-server-configuration
- ;; (listen '("443 ssl"))
- ;; (server-name '("cuirass.genenetwork.org"))
- ;; (ssl-certificate (le "cuirass.genenetwork.org"))
- ;; (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
- ;; (locations (balg02-locations %publish-url))
- ;; (raw-content
- ;; (append
- ;; %tls-settings
- ;; (list
- ;; "access_log /var/run/nginx/https.access.log;"
- ;; "proxy_set_header X-Forwarded-Host $host;"
- ;; "proxy_set_header X-Forwarded-Port $server_port;"
- ;; "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
- ;; ;; For Cuirass admin interface authentication
- ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
- ;; "ssl_verify_client optional;"))))
- ))
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name '("cuirass.genenetwork.org"))
+ (ssl-certificate (le "cuirass.genenetwork.org"))
+ (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
+ (locations (balg02-locations %publish-url))
+ (raw-content
+ (append
+ %tls-settings
+ (list
+ "access_log /var/run/nginx/https.access.log;"
+ "proxy_set_header X-Forwarded-Host $host;"
+ "proxy_set_header X-Forwarded-Port $server_port;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ ;; TODO:
+ ;; For Cuirass admin interface authentication
+ ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+ ;; "ssl_verify_client optional;"
+ ))))))
(define %extra-content
(list