|
|
|
@ -6,7 +6,7 @@ let
|
|
|
|
|
|
|
|
|
|
in { |
|
|
|
|
|
|
|
|
|
options.my.serices.proxy = { |
|
|
|
|
options.my.services.proxy = { |
|
|
|
|
|
|
|
|
|
enable = mkOption { |
|
|
|
|
default = false; |
|
|
|
@ -22,7 +22,7 @@ in {
|
|
|
|
|
type = types.listOf types.str; |
|
|
|
|
default = []; |
|
|
|
|
description = '' |
|
|
|
|
Proxy these hostnames. |
|
|
|
|
Proxy these hostNames. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
proxyTo = mkOption { |
|
|
|
@ -58,6 +58,7 @@ in {
|
|
|
|
|
''; |
|
|
|
|
default = {}; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
})); |
|
|
|
|
default = []; |
|
|
|
@ -75,20 +76,28 @@ in {
|
|
|
|
|
services.haproxy = { |
|
|
|
|
enable = true; |
|
|
|
|
config = '' |
|
|
|
|
resolvers dns |
|
|
|
|
nameservers quad9 9.9.9.9:53 |
|
|
|
|
hold valid 1s |
|
|
|
|
|
|
|
|
|
frontend http-in |
|
|
|
|
bind *:80 |
|
|
|
|
default_backend proxy-backend-http |
|
|
|
|
|
|
|
|
|
backend proxy-backend-http |
|
|
|
|
${concatMapStringSep "\n" (proxyHost: |
|
|
|
|
timeout connect 5000 |
|
|
|
|
timeout check 5000 |
|
|
|
|
timeout client 30000 |
|
|
|
|
timeout server 30000 |
|
|
|
|
${concatMapStringsSep "\n" (proxyHost: |
|
|
|
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) ( |
|
|
|
|
concatMapStringSep "\n" (hostname: '' |
|
|
|
|
concatMapStringsSep "\n" (hostname: '' |
|
|
|
|
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} } |
|
|
|
|
server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0 |
|
|
|
|
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000 |
|
|
|
|
'' |
|
|
|
|
) (attrValues proxyHost.hostnames) |
|
|
|
|
) (proxyHost.hostNames) |
|
|
|
|
) |
|
|
|
|
) (attrValues cfg.proxyHosts) |
|
|
|
|
) (cfg.proxyHosts) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
frontend https-in |
|
|
|
@ -96,17 +105,21 @@ in {
|
|
|
|
|
default_backend proxy-backend-https |
|
|
|
|
|
|
|
|
|
backend proxy-backend-https |
|
|
|
|
${concatMapStringSep "\n" (proxyHost: |
|
|
|
|
timeout connect 5000 |
|
|
|
|
timeout check 5000 |
|
|
|
|
timeout client 30000 |
|
|
|
|
timeout server 30000 |
|
|
|
|
${concatMapStringsSep "\n" (proxyHost: |
|
|
|
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) ( |
|
|
|
|
concatMapStringSep "\n" (hostname: '' |
|
|
|
|
concatMapStringsSep "\n" (hostname: '' |
|
|
|
|
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} } |
|
|
|
|
server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0 |
|
|
|
|
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000 |
|
|
|
|
'' |
|
|
|
|
) (attrValues proxyHost.hostnames) |
|
|
|
|
) (proxyHost.hostNames) |
|
|
|
|
) |
|
|
|
|
) (attrValues cfg.proxyHosts) |
|
|
|
|
) (cfg.proxyHosts) |
|
|
|
|
} |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
}; |
|
|
|
|
} |
|
|
|
|
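Review bot: The rewritten `server` lines in both backends (`proxy-backend-http` and `proxy-backend-https`) drop `weight 0`, so every generated server joins the backend's normal load-balancing pool. `use-server` only forces a server when its rule matches, so a request whose Host header or SNI matches none of the configured hostnames (including a Host value that carries a port, since the comparison is a whole-string match) would be balanced to an arbitrary proxied host rather than refused. Keeping the old keyword next to the new ones avoids that, e.g. `server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} weight 0 resolvers dns check inter 1000`, and likewise for the `-https` line. Separately, the new `resolvers dns` section hard-codes `9.9.9.9:53` with `hold valid 1s`, so backend addresses follow unauthenticated public DNS answers almost immediately and internal-only names will not resolve; a module option for the nameserver, or `parse-resolv-conf` to reuse the host's resolver, would be safer.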