Diffstat (limited to 'Omni/Cloud/Comms/Xmpp.nix')
-rw-r--r-- | Omni/Cloud/Comms/Xmpp.nix | 72 |
1 files changed, 39 insertions, 33 deletions
diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix index ea50ed9..93d7cfc 100644 --- a/Omni/Cloud/Comms/Xmpp.nix +++ b/Omni/Cloud/Comms/Xmpp.nix @@ -7,7 +7,7 @@ # xmpp chat service # let - rootDomain = config.networking.domain; # simatime.com + rootDomain = config.networking.domain; # bensima.com ssl = { cert = "/var/lib/acme/${rootDomain}/fullchain.pem"; key = "/var/lib/acme/${rootDomain}/key.pem"; @@ -81,20 +81,20 @@ in { websocket_url = "wss://${rootDomain}/xmpp-websocket"; } - cross_domain_websocket = { "https://${rootDomain}", "https://anon.${rootDomain}" } + cross_domain_websocket = { "https://${rootDomain}" } cross_domain_bosh = false; -- handle this with nginx consider_bosh_secure = true; -- this is a virtualhost that allows anonymous authentication. use this -- for a public lobby. the nix module doesn't support 'authentication' -- so i have to do this here. - VirtualHost "anon.${rootDomain}" - authentication = "anonymous" - ssl = { - cafile = "/etc/ssl/certs/ca-bundle.crt"; - key = "${ssl.key}"; - certificate = "${ssl.cert}"; - }; + --VirtualHost "anon.${rootDomain}" + -- authentication = "anonymous" + -- ssl = { + -- cafile = "/etc/ssl/certs/ca-bundle.crt"; + -- key = "${ssl.key}"; + -- certificate = "${ssl.cert}"; + -- }; ''; muc = [ @@ -116,6 +116,11 @@ in { enabled = true; inherit ssl; }; + "simatime.com" = { + domain = "simatime.com"; + enabled = true; + inherit ssl; + }; }; }; 
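Review bot: The anonymous `VirtualHost "anon.${rootDomain}"` block in the `-81,20` hunk is commented out rather than deleted, and the lead-in comment above it ("this is a virtualhost that allows anonymous authentication. use this for a public lobby") still reads as if the host were active. Anonymous login is an authentication-policy decision, so leaving it a few uncommented lines away from being live makes an accidental re-enable easy to miss in review. I would delete the block and rely on git history, or at least change the lead-in to something like `-- anonymous lobby disabled on purpose; old config is in git history`. The same applies to the commented-out nginx proxy in the `-154,30` hunk, which carries `Access-Control-Allow-Origin "*"`.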
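Review bot: The new `"simatime.com"` virtual host in the `-116,6` hunk uses `inherit ssl;`, but `ssl.cert` and `ssl.key` point at `/var/lib/acme/${rootDomain}/…`, and the first hunk's comment suggests `rootDomain` is now bensima.com. Unless that ACME certificate also lists simatime.com as an additional name (the ACME config is not visible in this diff), clients and federating servers that connect to simatime.com will be offered a certificate that fails hostname validation. Either record the requirement next to the entry, e.g. `# cert for ${rootDomain} must also cover simatime.com (security.acme extraDomainNames)`, or give this host its own paths, e.g. `ssl = { cert = "/var/lib/acme/simatime.com/fullchain.pem"; key = "/var/lib/acme/simatime.com/key.pem"; };`. The enclosing virtualHosts set starts outside the hunk.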
@@ -154,30 +159,31 @@ in { }; }; - services.nginx.virtualHosts."anon.${rootDomain}" = { - useACMEHost = "${rootDomain}"; - forceSSL = true; - locations = { - "/http-bind" = { - proxyPass = "https://anon.${rootDomain}:5281/http-bind"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_buffering off; - if ($request_method ~* "(GET|POST)") { - add_header Access-Control-Allow-Origin "*"; - } - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD"; - add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept"; - return 200; - } - ''; - }; - }; - }; + # this is an old proxy for the conversejs anonymous prosody host + #services.nginx.virtualHosts."anon.${rootDomain}" = { + # useACMEHost = "${rootDomain}"; + # forceSSL = true; + # locations = { + # "/http-bind" = { + # proxyPass = "https://anon.${rootDomain}:5281/http-bind"; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_buffering off; + # if ($request_method ~* "(GET|POST)") { + # add_header Access-Control-Allow-Origin "*"; + # } + # if ($request_method = OPTIONS) { + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD"; + # add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept"; + # return 200; + # } + # ''; + # }; + # }; + #}; users.users.nginx.extraGroups = ["prosody"]; |