public-access-proxy: fix settings
This commit is contained in:
parent
e89e2b9c7a
commit
e925dfd0c5
|
@ -76,16 +76,18 @@ in {
|
||||||
services.haproxy = {
|
services.haproxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
defaults
|
||||||
|
timeout client 30000
|
||||||
|
timeout connect 5000
|
||||||
|
timeout check 5000
|
||||||
|
timeout server 30000
|
||||||
|
|
||||||
frontend http-in
|
frontend http-in
|
||||||
bind :::80 v4v6
|
bind :::80 v4v6
|
||||||
timeout client 30000
|
|
||||||
option http-keep-alive
|
option http-keep-alive
|
||||||
default_backend proxy-backend-http
|
default_backend proxy-backend-http
|
||||||
|
|
||||||
backend proxy-backend-http
|
backend proxy-backend-http
|
||||||
timeout connect 5000
|
|
||||||
timeout check 5000
|
|
||||||
timeout server 30000
|
|
||||||
mode http
|
mode http
|
||||||
option http-server-close
|
option http-server-close
|
||||||
option forwardfor
|
option forwardfor
|
||||||
|
@ -99,33 +101,28 @@ in {
|
||||||
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
||||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${
|
server ${hostname}-http ${proxyHost.proxyTo.host}:${
|
||||||
toString proxyHost.proxyTo.httpPort
|
toString proxyHost.proxyTo.httpPort
|
||||||
}
|
} weight 0
|
||||||
'') (proxyHost.hostNames))) (cfg.proxyHosts)
|
'') (proxyHost.hostNames))) (cfg.proxyHosts)
|
||||||
}
|
}
|
||||||
|
|
||||||
frontend https-in
|
frontend https-in
|
||||||
bind :::443 v4v6
|
bind :::443 v4v6
|
||||||
timeout client 30000
|
tcp-request inspect-delay 5s
|
||||||
|
tcp-request content accept if { req_ssl_hello_type 1 }
|
||||||
default_backend proxy-backend-https
|
default_backend proxy-backend-https
|
||||||
|
|
||||||
backend proxy-backend-https
|
backend proxy-backend-https
|
||||||
timeout connect 5000
|
${
|
||||||
timeout check 5000
|
concatMapStringsSep "\n" (proxyHost:
|
||||||
timeout server 30000
|
optionalString
|
||||||
option http-server-close
|
|
||||||
http-request set-header X-Forwarded-Proto https
|
|
||||||
http-request set-header X-Forwarded-Port 443
|
|
||||||
${
|
|
||||||
concatMapStringsSep "\n" (proxyHost:
|
|
||||||
optionalString
|
|
||||||
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
|
(proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
|
||||||
(concatMapStringsSep "\n" (hostname: ''
|
(concatMapStringsSep "\n" (hostname: ''
|
||||||
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
||||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${
|
server ${hostname}-https ${proxyHost.proxyTo.host}:${
|
||||||
toString proxyHost.proxyTo.httpsPort
|
toString proxyHost.proxyTo.httpsPort
|
||||||
}
|
} weight 0
|
||||||
'') (proxyHost.hostNames))) (cfg.proxyHosts)
|
'') (proxyHost.hostNames))) (cfg.proxyHosts)
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue
Block a user