Nginx: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 1: / Line 1: @@
+Nginx is a lightweight webserver. Configuration is handled using the [https://nixos.org/nixos/options.html#services.nginx. services.nginx] options.
+== Let's Encrypt certificates ==
+The nginx module for NixOS has [https://nixos.org/nixos/options.html#services.nginx.+acme native support for Let's encrypt] certificates. [https://nixos.org/nixos/manual/#module-security-acme The manual, chapter 20] explains it in details.
+=== Troubleshooting ===
+==== Rate limiting ====
+The ACME server for Let's encrypt has rate limits. There is a known issue<ref>https://github.com/NixOS/nixpkgs/issues/38144</ref> with how NixOS handles automatic certificate generation wherein it is trivial to hit the limits when enabling multiple domains or sub-domains at once.
+When hitting the limit, the logs will show as follows:
+<pre>
+Mar 30 14:07:38 HOSTNAME systemd[1]: Failed to start Renew ACME Certificate for example.com.
+...
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: 2018-03-30 18:08:10,566:DEBUG:acme.client:540: JWS payload:
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: {
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]:   "resource": "new-reg"
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: }
+...
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: Connection: close
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: {
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]:   "type": "urn:acme:error:rateLimited",
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]:   "detail": "Error creating new registration :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/",
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]:   "status": 429
+Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: }
+</pre>
+See {{issue|38144}} for the current status.
 == Sample setups ==
@@ Line 49: / Line 81: @@
 '';
 </syntaxhighlight>
+<hr />