
contains/public-access-proxy: fixed forwarding

pull/1/head
Markus Schmidl 2 years ago
parent
commit
8842e84b0f

+ 4
- 1
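--- a/hosts/containers/public-access-proxy/configuration.nix
+++ b/hosts/containers/public-access-proxy/configuration.nix
@@ -13,6 +13,9 @@
     ];
 
   networking.hostName = "public-access-proxy";
+  networking.useNetworkd = true;
+  networking.defaultGateway = "172.22.99.4";
+  networking.useDHCP = lib.mkForce true;
 
   my.services.proxy = {
     enable = true;
@@ -23,7 +26,7 @@
       }
       {
         hostNames = [ "cloud.bombenverleih.de" "arkom.men" "kl.arkom.men" "cloud.arkom.men" ];
-        proxyTo = { host = "fe80::461e:a1ff:fe59:2ee8"; httpPort = 80; httpsPort = 443; };
+        proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
       }
     ];
   };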
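Review bot: `networking.useDHCP = lib.mkForce true;` is added next to a hard-coded `networking.defaultGateway = "172.22.99.4";` and a hard-coded upstream `host = "172.22.99.192"`, with no comment saying which definition `mkForce` overrides or how these addresses are pinned. If the upstream's address comes from a DHCP lease rather than a fixed reservation, the four hostnames would be proxied to whichever machine next holds that address; this is inferred, since the upstream's addressing is not visible on this page. A short comment would settle it, for example `# mkForce: overrides <module that sets useDHCP>; gateway and upstream IP are static on <network>`, with the placeholders replaced by the real facts. The enclosing attribute set starts and ends outside both hunks.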

+ 11
- 6
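--- a/hosts/containers/public-access-proxy/proxy.nix
+++ b/hosts/containers/public-access-proxy/proxy.nix
@@ -76,24 +76,26 @@ in {
     services.haproxy = {
       enable = true;
       config = ''
-        resolvers dns
-          nameserver quad9 9.9.9.9:53
-          hold valid 1s
-
         frontend http-in
           bind :::80 v4v6
           timeout client 30000
+          option http-tunnel
           default_backend proxy-backend-http
   
         backend proxy-backend-http
           timeout connect 5000
           timeout check 5000
           timeout server 30000
+          mode http
+          option http-server-close
+          option forwardfor
+          reqadd X-Forwarded-Proto:\ http
+          reqadd X-Forwarded-Port:\ 80
           ${concatMapStringsSep "\n" (proxyHost:
             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
               concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
-                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
+                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
               ''
               ) (proxyHost.hostNames)
             )
@@ -109,11 +111,14 @@ in {
           timeout connect 5000
           timeout check 5000
           timeout server 30000
+          option http-server-close
+          reqadd X-Forwarded-Proto:\ https
+          reqadd X-Forwarded-Port:\ 443
           ${concatMapStringsSep "\n" (proxyHost:
             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
               concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
-                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
+                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
               ''
               ) (proxyHost.hostNames)
             )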
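Review bot: The `reqadd X-Forwarded-Proto:\ http` and `reqadd X-Forwarded-Port:\ 80` lines in `proxy-backend-http` append headers without removing any copy the client already sent, and `option forwardfor` likewise appends to an existing `X-Forwarded-For`, so an upstream that trusts these headers can receive client-chosen values. Overwriting is safer: `http-request set-header X-Forwarded-Proto http`, `http-request set-header X-Forwarded-Port 80`, and `http-request del-header X-Forwarded-For` ahead of `option forwardfor`. The same applies to the two `reqadd` lines in the second hunk. That backend's mode is outside the hunk; if it is `mode tcp` (the `req.ssl_sni` match suggests TLS passthrough), the HTTP-level lines there would have no effect and the upstream would not see the headers at all. The `services.haproxy` config string starts and ends outside both hunks.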
