greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename nginx certificate files

Browse Source
This commit is contained in:
Ștefan D. Mihăilă 2019-08-13 22:57:59 +02:00
parent b122256e78
commit 19b971f21f
No known key found for this signature in database
GPG Key ID: 6220AD7846220A52
3 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/electrs.nix
View File

@ -106,8 +106,8 @@ in {
listen ${toString config.services.electrs.nginxport} ssl; listen ${toString config.services.electrs.nginxport} ssl;
proxy_pass electrs; proxy_pass electrs;
ssl_certificate /secrets/ssl_certificate; ssl_certificate /secrets/nginx_cert;
ssl_certificate_key /secrets/ssl_certificate_key; ssl_certificate_key /secrets/nginx_key;
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h; ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

10
network/network.nix
View File

@ -36,15 +36,15 @@ let
group = "clightning"; group = "clightning";
permissions = "0440"; permissions = "0440";
}; };
ssl_certificate_key = { nginx_key = {
keyFile = ../secrets/ssl_certificate_key.key; keyFile = ../secrets/nginx.key;
destDir = "/secrets/"; destDir = "/secrets/";
user = "nginx"; user = "nginx";
group = "root"; group = "root";
permissions = "0440"; permissions = "0440";
}; };
ssl_certificate = { nginx_cert = {
keyFile = ../secrets/ssl_certificate.crt; keyFile = ../secrets/nginx.cert;
destDir = "/secrets/"; destDir = "/secrets/";
user = "nginx"; user = "nginx";
group = "root"; group = "root";
@ -65,6 +65,6 @@ in {
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { }) // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { }) // (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { })
// (if (config.services.spark-wallet.enable) then { inherit spark-wallet-login; } else { }) // (if (config.services.spark-wallet.enable) then { inherit spark-wallet-login; } else { })
// (if (config.services.electrs.enable) then { inherit ssl_certificate_key ssl_certificate; } else { }); // (if (config.services.electrs.enable) then { inherit nginx_key nginx_cert; } else { });
} // (bitcoin-node { inherit config pkgs; }); } // (bitcoin-node { inherit config pkgs; });
} }

6
secrets/generate_secrets.sh
View File

@ -19,7 +19,7 @@ echo Write secrets to $SECRETSFILE
echo Done echo Done
echo Generate Self-Signed Cert echo Generate Self-Signed Cert
openssl genrsa -out secrets/ssl_certificate_key.key 2048 openssl genrsa -out secrets/nginx.key 2048
openssl req -new -key secrets/ssl_certificate_key.key -out secrets/ssl_certificate.csr -subj "/C=KN" openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
openssl x509 -req -days 1825 -in secrets/ssl_certificate.csr -signkey secrets/ssl_certificate_key.key -out secrets/ssl_certificate.crt openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
echo Done echo Done