# ACME test index: every attribute is one test, built by handing a test
# definition to `runTest`.
{ runTest }:
let
  # Certificate name that both web server vhosts borrow through useACMEHost.
  certHost = "proxied.example.test";

  # Loopback endpoint that ACME challenge requests are forwarded to.
  challengeBackend = "localhost:8080";

  # Instantiate the shared web server test for one server flavour.
  webserverTest = args: runTest (import ./webserver.nix args);
in
{
  http01-builtin = runTest ./http01-builtin.nix;
  dns01 = runTest ./dns01.nix;
  caddy = runTest ./caddy.nix;

  nginx = webserverTest {
    serverName = "nginx";
    group = "nginx";
    baseModule.services.nginx = {
      enable = true;
      enableReload = true;
      logError = "stderr info";
      # A single vhost exercises several behaviours at once:
      # - self-signed certs are in place before the web server starts
      # - nginx is started before an ACME renewal is attempted
      # - useACMEHost behaves as expected
      # - acmeFallbackHost behaves as expected
      virtualHosts.default = {
        default = true;
        addSSL = true;
        useACMEHost = certHost;
        acmeFallbackHost = challengeBackend;
        # Pass the client's Host header through unchanged: lego refuses a
        # challenge request whose Host header is not correct, so a proxy
        # that rewrites it makes validation fail.
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };
  };

  httpd = webserverTest {
    serverName = "httpd";
    group = "wwwrun";
    baseModule.services.httpd = {
      enable = true;
      # This vhost is the default because it is the first one defined.
      virtualHosts.default = {
        addSSL = true;
        useACMEHost = certHost;
        # In this module only the ACME challenge path is handed to the
        # loopback backend; no other location is proxied here.
        locations."/.well-known/acme-challenge" = {
          proxyPass = "http://${challengeBackend}/.well-known/acme-challenge";
          # Same purpose as the nginx Host header line above: keep the
          # original Host header so the challenge backend accepts the request.
          extraConfig = ''
            ProxyPreserveHost On
          '';
        };
      };
    };
  };
}