From a5733b9817a11553d542eb6b023f925472871573 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Fri, 27 Aug 2021 09:59:33 +0000
Subject: [PATCH] Issuer NGINX: Pass less scanning noise to back end

---
 nixos/modules/issuer.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 93de02ef..7636c8e7 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -243,7 +243,10 @@ in {
         serverAliases = builtins.tail cfg.domains;
         enableACME = cfg.tls;
         forceSSL = cfg.tls;
-        locations."/" = {
+        locations."/v1/" = {
+          # Only forward requests beginning with /v1/ so
+          # we pass less scanning spam on to our backend
+          # Want a regex instead? try locations."~ /v\d+/"
           proxyPass = "http://127.0.0.1:${internalHttpPort}";
         };
         locations."/metrics" = {
-- 
GitLab