contains/public-access-proxy: fixed forwarding

Bu işleme şunda yer alıyor:
Markus Schmidl 2019-06-22 15:05:13 +02:00
ebeveyn e72e0f1f28
işleme 8842e84b0f
Veri tabanında bu imza için bilinen anahtar bulunamadı
GPG Anahtar Kimliği: D46166FD1DEEE69C
2 değiştirilmiş dosya ile 15 ekleme ve 7 silme

Dosyayı Görüntüle

@ -13,6 +13,9 @@
];
networking.hostName = "public-access-proxy";
networking.useNetworkd = true;
networking.defaultGateway = "172.22.99.4";
networking.useDHCP = lib.mkForce true;
my.services.proxy = {
enable = true;
@ -23,7 +26,7 @@
}
{
hostNames = [ "cloud.bombenverleih.de" "arkom.men" "kl.arkom.men" "cloud.arkom.men" ];
proxyTo = { host = "fe80::461e:a1ff:fe59:2ee8"; httpPort = 80; httpsPort = 443; };
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
}
];
};

Dosyayı Görüntüle

@ -76,24 +76,26 @@ in {
services.haproxy = {
enable = true;
config = ''
resolvers dns
nameserver quad9 9.9.9.9:53
hold valid 1s
frontend http-in
bind :::80 v4v6
timeout client 30000
option http-tunnel
default_backend proxy-backend-http
backend proxy-backend-http
timeout connect 5000
timeout check 5000
timeout server 30000
mode http
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ http
reqadd X-Forwarded-Port:\ 80
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
''
) (proxyHost.hostNames)
)
@ -109,11 +111,14 @@ in {
timeout connect 5000
timeout check 5000
timeout server 30000
option http-server-close
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
''
) (proxyHost.hostNames)
)