Rename nginx certificate files
This commit is contained in:
parent
b122256e78
commit
19b971f21f
|
@ -106,8 +106,8 @@ in {
|
|||
listen ${toString config.services.electrs.nginxport} ssl;
|
||||
proxy_pass electrs;
|
||||
|
||||
ssl_certificate /secrets/ssl_certificate;
|
||||
ssl_certificate_key /secrets/ssl_certificate_key;
|
||||
ssl_certificate /secrets/nginx_cert;
|
||||
ssl_certificate_key /secrets/nginx_key;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 4h;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
|
|
|
@ -36,15 +36,15 @@ let
|
|||
group = "clightning";
|
||||
permissions = "0440";
|
||||
};
|
||||
ssl_certificate_key = {
|
||||
keyFile = ../secrets/ssl_certificate_key.key;
|
||||
nginx_key = {
|
||||
keyFile = ../secrets/nginx.key;
|
||||
destDir = "/secrets/";
|
||||
user = "nginx";
|
||||
group = "root";
|
||||
permissions = "0440";
|
||||
};
|
||||
ssl_certificate = {
|
||||
keyFile = ../secrets/ssl_certificate.crt;
|
||||
nginx_cert = {
|
||||
keyFile = ../secrets/nginx.cert;
|
||||
destDir = "/secrets/";
|
||||
user = "nginx";
|
||||
group = "root";
|
||||
|
@ -65,6 +65,6 @@ in {
|
|||
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
|
||||
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { })
|
||||
// (if (config.services.spark-wallet.enable) then { inherit spark-wallet-login; } else { })
|
||||
// (if (config.services.electrs.enable) then { inherit ssl_certificate_key ssl_certificate; } else { });
|
||||
// (if (config.services.electrs.enable) then { inherit nginx_key nginx_cert; } else { });
|
||||
} // (bitcoin-node { inherit config pkgs; });
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ echo Write secrets to $SECRETSFILE
|
|||
echo Done
|
||||
|
||||
echo Generate Self-Signed Cert
|
||||
openssl genrsa -out secrets/ssl_certificate_key.key 2048
|
||||
openssl req -new -key secrets/ssl_certificate_key.key -out secrets/ssl_certificate.csr -subj "/C=KN"
|
||||
openssl x509 -req -days 1825 -in secrets/ssl_certificate.csr -signkey secrets/ssl_certificate_key.key -out secrets/ssl_certificate.crt
|
||||
openssl genrsa -out secrets/nginx.key 2048
|
||||
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
|
||||
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
|
||||
echo Done
|
||||
|
|
Loading…
Reference in New Issue
Block a user