---
title: nginx reverse-proxy with SSL for services running on tailscale!
date: 2023-09-12
tags:
  - tailscale
  - nixos
draft: true
---

So you're running something on a server somewhere. For whatever reason you cant or don't want to expose ports 80 and 443 to the outside world.

```nix
services.jellyfin.enable = true;

security.acme = {
  acceptTerms = true;
  defaults = {
    email = "barry@email.com";
    dnsProvider = "cloudflare";
    credentialsFile = "/etc/credentials.env";
  };
};

services.nginx = {
  enable = true;
  virtualHosts."example.com" = {
    enableACME = true;
    acmeRoot = null;
    addSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:8096";
	  proxyWebsockets = true;
	};
  };
};
```