2 years ago · 8842e84b0f
--- a/hosts/containers/public-access-proxy/configuration.nix
+++ b/hosts/containers/public-access-proxy/configuration.nix
@@ -13,6 +13,9 @@
 
				
				     ];
			
 
				
				 
			
 
				
				   networking.hostName = "public-access-proxy";
			
 
				
				+  networking.useNetworkd = true;
			
 
				
				+  networking.defaultGateway = "172.22.99.4";
			
 
				
				+  networking.useDHCP = lib.mkForce true;
			
 
				
				 
			
 
				
				   my.services.proxy = {
			
 
				
				     enable = true;
			
@@ -23,7 +26,7 @@
 
				
				       }
			
 
				
				       {
			
 
				
				         hostNames = [ "cloud.bombenverleih.de" "arkom.men" "kl.arkom.men" "cloud.arkom.men" ];
			
 
				
				-        proxyTo = { host = "fe80::461e:a1ff:fe59:2ee8"; httpPort = 80; httpsPort = 443; };
			
 
				
				+        proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
			
 
				
				       }
			
 
				
				     ];
			
 
				
				   };
			
--- a/hosts/containers/public-access-proxy/proxy.nix
+++ b/hosts/containers/public-access-proxy/proxy.nix
@@ -76,24 +76,26 @@ in {
 
				
				     services.haproxy = {
			
 
				
				       enable = true;
			
 
				
				       config = ''
			
 
				
				-        resolvers dns
			
 
				
				-          nameserver quad9 9.9.9.9:53
			
 
				
				-          hold valid 1s
			
 
				
				-
			
 
				
				         frontend http-in
			
 
				
				           bind :::80 v4v6
			
 
				
				           timeout client 30000
			
 
				
				+          option http-tunnel
			
 
				
				           default_backend proxy-backend-http
			
 
				
				   
			
 
				
				         backend proxy-backend-http
			
 
				
				           timeout connect 5000
			
 
				
				           timeout check 5000
			
 
				
				           timeout server 30000
			
 
				
				+          mode http
			
 
				
				+          option http-server-close
			
 
				
				+          option forwardfor
			
 
				
				+          reqadd X-Forwarded-Proto:\ http
			
 
				
				+          reqadd X-Forwarded-Port:\ 80
			
 
				
				           ${concatMapStringsSep "\n" (proxyHost:
			
 
				
				             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
			
 
				
				               concatMapStringsSep "\n" (hostname: ''
			
 
				
				                 use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
			
 
				
				-                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
			
 
				
				+                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
			
 
				
				               ''
			
 
				
				               ) (proxyHost.hostNames)
			
 
				
				             )
			
@@ -109,11 +111,14 @@ in {
 
				
				           timeout connect 5000
			
 
				
				           timeout check 5000
			
 
				
				           timeout server 30000
			
 
				
				+          option http-server-close
			
 
				
				+          reqadd X-Forwarded-Proto:\ https
			
 
				
				+          reqadd X-Forwarded-Port:\ 443
			
 
				
				           ${concatMapStringsSep "\n" (proxyHost:
			
 
				
				             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
			
 
				
				               concatMapStringsSep "\n" (hostname: ''
			
 
				
				                 use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
			
 
				
				-                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
			
 
				
				+                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
			
 
				
				               ''
			
 
				
				               ) (proxyHost.hostNames)
			
 
				
				             )