nginx: generate certificates for custom domains and subdomains

This commit is contained in:
Izorkin 2018-11-16 14:11:31 +03:00 committed by Izorkin
parent 7c7ed5ce06
commit f3d967f830
Failed to generate hash of commit
3 changed files with 17 additions and 0 deletions

View file

@ -44,6 +44,13 @@ in
description = "The domains that this mail server serves."; description = "The domains that this mail server serves.";
}; };
certificateDomains = mkOption {
type = types.listOf types.str;
example = [ "imap.example.com" "pop3.example.com" ];
default = [];
description = "Secondary domains and subdomains for which it is necessary to generate a certificate.";
};
messageSizeLimit = mkOption { messageSizeLimit = mkOption {
type = types.int; type = types.int;
example = 52428800; example = 52428800;

View file

@ -595,6 +595,15 @@ certificate is valid for 10 years.
- Default: ``/var/certs`` - Default: ``/var/certs``
mailserver.certificateDomains
-----------------------------
Secondary domains and subdomains for which it is necessary to generate a certificate.
- Type: ``list of strings``
- Default: ``[]``
mailserver.certificateFile mailserver.certificateFile
-------------------------- --------------------------

View file

@ -29,6 +29,7 @@ in
enable = true; enable = true;
virtualHosts."${cfg.fqdn}" = { virtualHosts."${cfg.fqdn}" = {
serverName = cfg.fqdn; serverName = cfg.fqdn;
serverAliases = cfg.certificateDomains;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
acmeRoot = acmeRoot; acmeRoot = acmeRoot;