From 6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Thu, 23 Jun 2022 17:56:51 -0700
Subject: fix(modules/unifi): configure nginx to bind to tailscale IP
Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I75978866eb978439df76cede5bf993762f7cd5ab
Reviewed-on: https://cl.fcuny.net/c/world/+/485
Tested-by: CI
Reviewed-by: Franck Cuny
---
 modules/services/unifi/default.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index 3ffae15..4f1924e 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -72,6 +72,18 @@ in
 services.nginx.virtualHosts."${cfg.vhostName}" = {
 forceSSL = true;
 useACMEHost = cfg.vhostName;
+ listen = [
+ {
+ addr = "100.85.232.66";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "100.85.232.66";
+ port = 80;
+ ssl = false;
+ }
+ ];
 locations."/" = {
 proxyPass = "http://127.0.0.1:8443";
 proxyWebsockets = true;
-- cgit 1.4.1
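Review bot: The two `listen` entries make the bind address the only thing restricting this vhost to the tailnet, and nginx will refuse to start if `100.85.232.66` is not yet assigned when the unit comes up, for example at boot before tailscaled has configured the interface. Ordering the unit with `systemd.services.nginx.after = [ "tailscaled.service" ];` would narrow that race, though it does not by itself guarantee the address is present. A source check in the vhost, such as `extraConfig = "allow 100.64.0.0/10; deny all;";`, would add a second layer that still holds if the listen list is later edited or widened. Whether the controller's own port 8443 is reachable on other interfaces is not visible here and is worth confirming. The virtualHosts attribute set continues past the end of this hunk.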