author | Franck Cuny <franck@fcuny.net> | 2022-06-23 17:56:51 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-06-23 18:02:27 -0700 |
commit | 6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39 (patch) | |
tree | 78cc807cf16c6bf0c161097bc24a03bc8be0f73b | |
parent | fix(modules/navidrome): configure nginx to bind to tailscale IP (diff) | |
download | world-6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39.tar.gz |
fix(modules/unifi): configure nginx to bind to tailscale IP
Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server.

Note: the IP for tailscale is hard coded, there has to be a better way.

Change-Id: I75978866eb978439df76cede5bf993762f7cd5ab
Reviewed-on: https://cl.fcuny.net/c/world/+/485
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
-rw-r--r-- | modules/services/unifi/default.nix | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix index 3ffae15..4f1924e 100644 --- a/modules/services/unifi/default.nix +++ b/modules/services/unifi/default.nix @@ -72,6 +72,18 @@ in services.nginx.virtualHosts."${cfg.vhostName}" = { forceSSL = true; useACMEHost = cfg.vhostName; + listen = [ + { + addr = "100.85.232.66"; + port = 443; + ssl = true; + } + { + addr = "100.85.232.66"; + port = 80; + ssl = false; + } + ]; locations."/" = { proxyPass = "http://127.0.0.1:8443"; proxyWebsockets = true; |
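Review bot: the address `"100.85.232.66"` is written out twice in the new `listen` list (once for port 443, once for port 80), and the commit message already flags the hard-coding. Consider lifting it into one value that both entries reference, for example a module option under `cfg` or a `let` binding (the name is up to the author), so a change of the host's tailscale address is a one-line edit and the two listeners cannot drift apart. Since the vhost now binds to one specific address instead of the wildcard, it is also worth confirming that nginx starts only after that address is assigned on the host; a bind to an address that is not yet present fails at startup, and the access restriction this change relies on then depends on service ordering that the hunk does not show.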