
This is one area where I've found NixOS to be really helpful. I can set this up by just adding some lines to the configuration.nix (which uses lego(1) and Let's Encrypt in the backend):

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin-email@provider.net";
    certs."mydomain.example.com" = {
      domain = "*.mydomain.example.com";
      dnsProvider = "cloudflare";
      environmentFile = "/path/to/cloudflare/password";
    };
  };
  
  services.caddy.enable = true;
  
  services.caddy.virtualHosts."subdomain1.mydomain.example.com" = {
    extraConfig = ''
      reverse_proxy 127.0.0.1:1234
    '';
    useACMEHost = "mydomain.example.com";
  };

Configuring with nginx is also fairly similar I think.

1. https://github.com/go-acme/lego



Nice, I am about to look into wildcard certs w/ NixOS. Looks like it all 'just works' as long as you use a supported DNS provider?


Kudos to Nix again!



