nixos/caddy: set extraDomainNames for acme #239982
Conversation
- does this merge properly if you have multiple virtual hosts using the same useACMEHost value?
- does this PR solve a specific problem you are having in your configuration?
Good catch. Currently, it does not.

This does solve a problem, which I do not have because I do not use The problem occurs when the acme module (lego) uses caddy to complete http-01 challenges.

In this case, it's easy to overlook that An example for FOO is NixOS Mailserver with non-empty So one decides to mimic the nginx config of NixOS Mailserver for caddy:

```nix
{ config, ... }:
let
  fqdn = "mail.example.com";
in
{
  mailserver = {
    ...
    fqdn = "mail.example.com";
    certificateDomains = [ "imap.example.com" ];
    certificateScheme = "acme";
  };
  services.caddy = {
    ...
    virtualHosts.${fqdn} = {
      useACMEHost = fqdn;
      serverAliases = config.mailserver.certificateDomains;
      extraConfig = ''
        file_server /.well-known/acme-challenge/* {
          root ${config.security.acme.certs.${fqdn}.webroot}
        }
      '';
    };
  };
  security.acme.certs.${fqdn} = {
    webroot = "...";
    # XXX he overlooks extraDomainNames
  };
}
```

IMHO, setting
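The merge the review comment asks about, as an added example that is not part of this PR or of the nixpkgs caddy module: a small NixOS module that collects the serverAliases of every caddy virtual host sharing the same useACMEHost and feeds their union into that certificate's extraDomainNames, so two virtual hosts reusing one certificate add to each other instead of overwriting. It assumes the nixpkgs options services.caddy.virtualHosts.<name>.useACMEHost, services.caddy.virtualHosts.<name>.serverAliases and security.acme.certs.<name>.extraDomainNames as named on this page, the nixpkgs lib functions groupBy, unique, concatMap and mapAttrsToList, and that each certificate is named after its main domain (the nixpkgs default); the let-binding names are mine.

```nix
# Added example module (not from this PR or nixpkgs): derive each ACME
# certificate's extraDomainNames from the caddy virtual hosts that reuse it.
{ config, lib, ... }:
let
  # Every caddy vhost that reuses an ACME cert, tagged with its attribute name
  # (the attribute name is the primary host name of the vhost).
  reusingHosts = lib.filter (vh: vh.useACMEHost != null) (
    lib.mapAttrsToList (name: vh: {
      inherit name;
      inherit (vh) useACMEHost serverAliases;
    }) config.services.caddy.virtualHosts
  );

  # Group by certificate name, so several vhosts on one cert are merged rather
  # than the last one winning: { "mail.example.com" = [ vh1 vh2 ... ]; ... }
  hostsByCert = lib.groupBy (vh: vh.useACMEHost) reusingHosts;

  # All names a cert has to cover, minus the cert's own domain.
  # Assumption: the cert is named after its main domain (nixpkgs default).
  extraNamesFor = certName: vhosts:
    lib.filter (d: d != certName) (
      lib.unique (lib.concatMap (vh: [ vh.name ] ++ vh.serverAliases) vhosts)
    );
in
{
  security.acme.certs = lib.mapAttrs (certName: vhosts: {
    extraDomainNames = extraNamesFor certName vhosts;
  }) hostsByCert;
}
```

With the mailserver configuration above this module yields `security.acme.certs."mail.example.com".extraDomainNames = [ "imap.example.com" ]`; a second virtual host `webmail.example.com` with `useACMEHost = fqdn` would add `webmail.example.com` to the same list instead of replacing it. Because extraDomainNames is a list option, any names set by hand elsewhere still merge with these, and every added name still needs the `/.well-known/acme-challenge/*` file_server on the vhost that serves it for the http-01 challenge to succeed.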
Wouldn't it make sense to just have Really the What do you think @emilylange?
That would be great but I do not think caddy is able to do that.
What is this use case? From the description you added for That said, it is possible to change this PR to properly merge domains. However, I consider my implementation inelegant. This is more complicated than I thought, and I do not have enough time for it. So I will close this PR. Thanks for your review.

I think
A bit late to the party, but yeah, Caddy does support a variant of this via events using e.g. https://github.com/mholt/caddy-events-exec But that is still in a somewhat early stage, and building Caddy with plugins in nixpkgs is quite a hassle as of right now, unfortunately.

Thanks for the info on the caddy event handler, which did not exist last time I checked. Using https://github.com/mholt/caddy-events-exec and giving the
Description of changes
Doing so is reasonable, and the nginx module also does so.