
storage-ng/public-address-proxy: fixed errors

container/radius
Markus Schmidl 2 years ago
parent
commit
bc1118fccf

+ 3
- 9
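--- a/hosts/storage-ng/public-access-proxy/configuration.nix
+++ b/hosts/storage-ng/public-access-proxy/configuration.nix
@@ -28,15 +28,15 @@
 
   services.openssh = {
     enable = true;
-    permitRootLogin = "prohibit-password";
+    permitRootLogin = "yes";
     ports = [ 1122 ];
   };
 
-  services.my.proxy = {
+  my.services.proxy = {
     enable = true;
     proxyHosts = [
       {
-        hostNames = [ "mdm.arkom.men" ];
+        hostNames = [ "c3d2.arkom.men" "test.arkom.men" ];
         proxyTo = { host = "cloud.bombenverleih.de"; httpPort = 80; httpsPort = 443; };
       }
     ];
@@ -47,12 +47,6 @@
     443
    ];
 
-  users.extraUsers.k-ot = {
-    inNormalUser = true;
-    uid = 1000;
-    extraGroups = [ "wheel" ];
-  };
-
   system.stateVersion = "18.09"; # Did you read the comment?
 
 }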
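Review bot: `permitRootLogin = "yes"` in the `services.openssh` block lets root log in with a password, where the previous `"prohibit-password"` restricted root to key-based login; judging by the host's name and the 80/443 ports listed further down, this machine is reachable from the internet. The same commit deletes the `k-ot` wheel user, so root over SSH appears to become the only administrative path. That user's `inNormalUser` looks like a typo for `isNormalUser`, which may be the evaluation error this commit works around. I would keep `permitRootLogin = "prohibit-password";` and either restore the user with the attribute name corrected or provision root's key via `users.users.root.openssh.authorizedKeys.keys`. Whether password authentication is disabled elsewhere is not visible here; if it is not, setting `services.openssh.passwordAuthentication = false;` alongside would close the gap.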

+ 26
- 13
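--- a/hosts/storage-ng/public-access-proxy/proxy.nix
+++ b/hosts/storage-ng/public-access-proxy/proxy.nix
@@ -6,7 +6,7 @@ let
 
 in {
 
-  options.my.serices.proxy = {
+  options.my.services.proxy = {
 
     enable = mkOption {
       default = false;
@@ -22,7 +22,7 @@ in {
               type = types.listOf types.str;
               default = [];
               description = ''
-                Proxy these hostnames.
+                Proxy these hostNames.
               '';
             };
             proxyTo = mkOption {
@@ -58,6 +58,7 @@ in {
               '';
               default = {};
             };
+          };
 
         }));
       default = [];
@@ -75,20 +76,28 @@ in {
     services.haproxy = {
       enable = true;
       config = ''
+        resolvers dns
+          nameservers quad9 9.9.9.9:53
+          hold valid 1s
+
         frontend http-in
           bind *:80
           default_backend proxy-backend-http
   
         backend proxy-backend-http
-          ${concatMapStringSep "\n" (proxyHost:
+          timeout connect 5000
+          timeout check 5000
+          timeout client 30000
+          timeout server 30000
+          ${concatMapStringsSep "\n" (proxyHost:
             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
-              concatMapStringSep "\n" (hostname: ''
+              concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
-                server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0
+                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
               ''
-              ) (attrValues proxyHost.hostnames)
+              ) (proxyHost.hostNames)
             )
-          ) (attrValues cfg.proxyHosts)
+          ) (cfg.proxyHosts)
           }
 
         frontend https-in
@@ -96,17 +105,21 @@ in {
           default_backend proxy-backend-https
 
         backend proxy-backend-https
-          ${concatMapStringSep "\n" (proxyHost:
+          timeout connect 5000
+          timeout check 5000
+          timeout client 30000
+          timeout server 30000
+          ${concatMapStringsSep "\n" (proxyHost:
             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
-              concatMapStringSep "\n" (hostname: ''
+              concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
-                server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0
+                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
               ''
-              ) (attrValues proxyHost.hostnames)
+              ) (proxyHost.hostNames)
             )
-          ) (attrValues cfg.proxyHosts)
+          ) (cfg.proxyHosts)
           }
       '';
     };
-
+  };
 }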
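Review bot: The rewritten `server` lines in both `proxy-backend-http` and `proxy-backend-https` drop `weight 0`, so a request whose Host header or SNI matches none of the `use-server` rules is no longer left without a server but falls through to normal load balancing across every configured server. On a public proxy that forwards traffic for arbitrary host names to the backends; appending `weight 0` after `check inter 1000` on both lines keeps the servers reachable only through an explicit `use-server` match. Separately, the new `resolvers dns` section makes the backend address depend on a single external resolver queried over plain DNS with `hold valid 1s`. For the port-80 backend nothing downstream authenticates that answer, so a local validating resolver, or at least a second `nameservers` entry and a longer hold, would be more robust.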
