contains/public-access-proxy: fixed forwarding
Dieser Commit ist enthalten in:
Ursprung
e72e0f1f28
Commit
8842e84b0f
|
@ -13,6 +13,9 @@
|
|||
];
|
||||
|
||||
networking.hostName = "public-access-proxy";
|
||||
networking.useNetworkd = true;
|
||||
networking.defaultGateway = "172.22.99.4";
|
||||
networking.useDHCP = lib.mkForce true;
|
||||
|
||||
my.services.proxy = {
|
||||
enable = true;
|
||||
|
@ -23,7 +26,7 @@
|
|||
}
|
||||
{
|
||||
hostNames = [ "cloud.bombenverleih.de" "arkom.men" "kl.arkom.men" "cloud.arkom.men" ];
|
||||
proxyTo = { host = "fe80::461e:a1ff:fe59:2ee8"; httpPort = 80; httpsPort = 443; };
|
||||
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
|
@ -76,24 +76,26 @@ in {
|
|||
services.haproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
resolvers dns
|
||||
nameserver quad9 9.9.9.9:53
|
||||
hold valid 1s
|
||||
|
||||
frontend http-in
|
||||
bind :::80 v4v6
|
||||
timeout client 30000
|
||||
option http-tunnel
|
||||
default_backend proxy-backend-http
|
||||
|
||||
backend proxy-backend-http
|
||||
timeout connect 5000
|
||||
timeout check 5000
|
||||
timeout server 30000
|
||||
mode http
|
||||
option http-server-close
|
||||
option forwardfor
|
||||
reqadd X-Forwarded-Proto:\ http
|
||||
reqadd X-Forwarded-Port:\ 80
|
||||
${concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||
concatMapStringsSep "\n" (hostname: ''
|
||||
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
|
||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
|
||||
''
|
||||
) (proxyHost.hostNames)
|
||||
)
|
||||
|
@ -109,11 +111,14 @@ in {
|
|||
timeout connect 5000
|
||||
timeout check 5000
|
||||
timeout server 30000
|
||||
option http-server-close
|
||||
reqadd X-Forwarded-Proto:\ https
|
||||
reqadd X-Forwarded-Port:\ 443
|
||||
${concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||
concatMapStringsSep "\n" (hostname: ''
|
||||
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
|
||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
|
||||
''
|
||||
) (proxyHost.hostNames)
|
||||
)
|
||||
|
|
Laden…
In neuem Issue referenzieren