contains/public-access-proxy: fixed forwarding
parent
e72e0f1f28
commit
8842e84b0f
|
@ -13,6 +13,9 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "public-access-proxy";
|
networking.hostName = "public-access-proxy";
|
||||||
|
networking.useNetworkd = true;
|
||||||
|
networking.defaultGateway = "172.22.99.4";
|
||||||
|
networking.useDHCP = lib.mkForce true;
|
||||||
|
|
||||||
my.services.proxy = {
|
my.services.proxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -23,7 +26,7 @@
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostNames = [ "cloud.bombenverleih.de" "arkom.men" "kl.arkom.men" "cloud.arkom.men" ];
|
hostNames = [ "cloud.bombenverleih.de" "arkom.men" "kl.arkom.men" "cloud.arkom.men" ];
|
||||||
proxyTo = { host = "fe80::461e:a1ff:fe59:2ee8"; httpPort = 80; httpsPort = 443; };
|
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
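Review bot: `networking.defaultGateway = "172.22.99.4";` is added next to `networking.useDHCP = lib.mkForce true;`, so the default route can come from both the static setting and the DHCP lease, and nothing visible says which is meant to win. A short comment above the gateway line, for example `# address comes from DHCP; gateway pinned because <reason>`, plus one stating what `mkForce` is overriding, would make the intent reviewable. The new `proxyTo` host `172.22.99.192` is a fixed address on what looks like the same subnet, so if that upstream is itself DHCP-assigned it needs a reservation for forwarding to keep working.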
||||||
|
|
|
@ -76,24 +76,26 @@ in {
|
||||||
services.haproxy = {
|
services.haproxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
resolvers dns
|
|
||||||
nameserver quad9 9.9.9.9:53
|
|
||||||
hold valid 1s
|
|
||||||
|
|
||||||
frontend http-in
|
frontend http-in
|
||||||
bind :::80 v4v6
|
bind :::80 v4v6
|
||||||
timeout client 30000
|
timeout client 30000
|
||||||
|
option http-tunnel
|
||||||
default_backend proxy-backend-http
|
default_backend proxy-backend-http
|
||||||
|
|
||||||
backend proxy-backend-http
|
backend proxy-backend-http
|
||||||
timeout connect 5000
|
timeout connect 5000
|
||||||
timeout check 5000
|
timeout check 5000
|
||||||
timeout server 30000
|
timeout server 30000
|
||||||
|
mode http
|
||||||
|
option http-server-close
|
||||||
|
option forwardfor
|
||||||
|
reqadd X-Forwarded-Proto:\ http
|
||||||
|
reqadd X-Forwarded-Port:\ 80
|
||||||
${concatMapStringsSep "\n" (proxyHost:
|
${concatMapStringsSep "\n" (proxyHost:
|
||||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||||
concatMapStringsSep "\n" (hostname: ''
|
concatMapStringsSep "\n" (hostname: ''
|
||||||
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
||||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
|
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort}
|
||||||
''
|
''
|
||||||
) (proxyHost.hostNames)
|
) (proxyHost.hostNames)
|
||||||
)
|
)
|
||||||
|
@ -109,11 +111,14 @@ in {
|
||||||
timeout connect 5000
|
timeout connect 5000
|
||||||
timeout check 5000
|
timeout check 5000
|
||||||
timeout server 30000
|
timeout server 30000
|
||||||
|
option http-server-close
|
||||||
|
reqadd X-Forwarded-Proto:\ https
|
||||||
|
reqadd X-Forwarded-Port:\ 443
|
||||||
${concatMapStringsSep "\n" (proxyHost:
|
${concatMapStringsSep "\n" (proxyHost:
|
||||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||||
concatMapStringsSep "\n" (hostname: ''
|
concatMapStringsSep "\n" (hostname: ''
|
||||||
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
||||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
|
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort}
|
||||||
''
|
''
|
||||||
) (proxyHost.hostNames)
|
) (proxyHost.hostNames)
|
||||||
)
|
)
|
||||||
|
|
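Review bot: The `reqadd X-Forwarded-Proto:\ http` and `reqadd X-Forwarded-Port:\ 80` lines added to `proxy-backend-http` append a header without removing one the client already sent, and `option forwardfor` likewise appends to an existing `X-Forwarded-For`, so on this public-facing proxy the upstream can receive client-chosen values alongside the proxy's. Using `http-request set-header X-Forwarded-Proto http` and `http-request set-header X-Forwarded-Port 80` instead overwrites whatever arrived, and the upstream should treat only the last `X-Forwarded-For` entry as the proxy-observed address. In the later hunk the same `reqadd` lines and `option http-server-close` are added to a backend that selects servers on `req.ssl_sni`; if that backend runs in `mode tcp` (its mode line is outside the hunk) these HTTP-only directives have no effect on the encrypted stream, so the upstream never gets the headers there. The commit also drops `check inter 1000` from both `server` lines, which appears to leave `timeout check 5000` without any health check to apply to.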