c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

public-access-proxy: fix settings

This commit is contained in:
Astro 2021-07-14 18:53:12 +02:00
parent e89e2b9c7a
commit e925dfd0c5
1 changed files with 14 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
hosts/containers/public-access-proxy/proxy.nix
View File

@ -76,16 +76,18 @@ in {
services.haproxy = {
enable = true;
config = ''
defaults
timeout client 30000
timeout connect 5000
timeout check 5000
timeout server 30000
frontend http-in
bind :::80 v4v6
timeout client 30000
option http-keep-alive
default_backend proxy-backend-http
backend proxy-backend-http
timeout connect 5000
timeout check 5000
timeout server 30000
mode http
option http-server-close
option forwardfor
@ -99,33 +101,28 @@ in {
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
server ${hostname}-http ${proxyHost.proxyTo.host}:${
toString proxyHost.proxyTo.httpPort
}
} weight 0
'') (proxyHost.hostNames))) (cfg.proxyHosts)
}
frontend https-in
bind :::443 v4v6
timeout client 30000
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
default_backend proxy-backend-https
backend proxy-backend-https
timeout connect 5000
timeout check 5000
timeout server 30000
option http-server-close
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Port 443
${
concatMapStringsSep "\n" (proxyHost:
optionalString
${
concatMapStringsSep "\n" (proxyHost:
optionalString
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
(concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
server ${hostname}-https ${proxyHost.proxyTo.host}:${
toString proxyHost.proxyTo.httpsPort
}
} weight 0
'') (proxyHost.hostNames))) (cfg.proxyHosts)
}
}
'';
};
};