Enable proxyProtocol not together with old proxy method
parent
3a6c6384ee
commit
5560deef4c
|
@ -15,6 +15,7 @@
|
||||||
proxyHosts = [ {
|
proxyHosts = [ {
|
||||||
hostNames = [ "auth.c3d2.de" ];
|
hostNames = [ "auth.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.auth.ip4;
|
proxyTo.host = hostRegistry.auth.ip4;
|
||||||
|
proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "jabber.c3d2.de" ];
|
hostNames = [ "jabber.c3d2.de" ];
|
||||||
proxyTo = {
|
proxyTo = {
|
||||||
|
@ -78,6 +79,8 @@
|
||||||
"nix-cache.hq.c3d2.de"
|
"nix-cache.hq.c3d2.de"
|
||||||
];
|
];
|
||||||
proxyTo.host = hostRegistry.hydra.ip4;
|
proxyTo.host = hostRegistry.hydra.ip4;
|
||||||
|
# TODO: enable in hydra
|
||||||
|
# proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"zentralwerk.org"
|
"zentralwerk.org"
|
||||||
|
@ -87,18 +90,23 @@
|
||||||
} {
|
} {
|
||||||
hostNames = [ "mate.c3d2.de" "matemat.c3d2.de" "matemat.hq.c3d2.de" ];
|
hostNames = [ "mate.c3d2.de" "matemat.c3d2.de" "matemat.hq.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.matemat.ip4;
|
proxyTo.host = hostRegistry.matemat.ip4;
|
||||||
|
proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"element.c3d2.de"
|
"element.c3d2.de"
|
||||||
"matrix.c3d2.de"
|
"matrix.c3d2.de"
|
||||||
];
|
];
|
||||||
proxyTo.host = hostRegistry.matrix.ip4;
|
proxyTo.host = hostRegistry.matrix.ip4;
|
||||||
|
# TODO: enable in matrix
|
||||||
|
# proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "mobilizon.c3d2.de" ];
|
hostNames = [ "mobilizon.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.mobilizon.ip4;
|
proxyTo.host = hostRegistry.mobilizon.ip4;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "drkkr.hq.c3d2.de" ];
|
hostNames = [ "drkkr.hq.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.pulsebert.ip4;
|
proxyTo.host = hostRegistry.pulsebert.ip4;
|
||||||
|
# TODO: enable in pipebert
|
||||||
|
# proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "scrape.hq.c3d2.de" ];
|
hostNames = [ "scrape.hq.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.scrape.ip4;
|
proxyTo.host = hostRegistry.scrape.ip4;
|
||||||
|
@ -119,12 +127,15 @@
|
||||||
} {
|
} {
|
||||||
hostNames = [ "wiki.c3d2.de" ];
|
hostNames = [ "wiki.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.mediawiki.ip4;
|
proxyTo.host = hostRegistry.mediawiki.ip4;
|
||||||
|
proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "owncast.c3d2.de" ];
|
hostNames = [ "owncast.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.owncast.ip4;
|
proxyTo.host = hostRegistry.owncast.ip4;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "c3d2.social" ];
|
hostNames = [ "c3d2.social" ];
|
||||||
proxyTo.host = hostRegistry.mastodon.ip4;
|
proxyTo.host = hostRegistry.mastodon.ip4;
|
||||||
|
# TODO: enable in mastodon
|
||||||
|
# proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "relay.fedi.buzz" ];
|
hostNames = [ "relay.fedi.buzz" ];
|
||||||
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
|
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
|
||||||
|
@ -135,12 +146,18 @@
|
||||||
} {
|
} {
|
||||||
hostNames = [ "home-assistant.hq.c3d2.de" ];
|
hostNames = [ "home-assistant.hq.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.home-assistant.ip4;
|
proxyTo.host = hostRegistry.home-assistant.ip4;
|
||||||
|
# TODO: enable in home-assistant
|
||||||
|
# proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "pretalx.c3d2.de" "talks.datenspuren.de" ];
|
hostNames = [ "pretalx.c3d2.de" "talks.datenspuren.de" ];
|
||||||
proxyTo.host = hostRegistry.pretalx.ip4;
|
proxyTo.host = hostRegistry.pretalx.ip4;
|
||||||
|
# TODO: enable in pretalx
|
||||||
|
# proxyProtocol = true;
|
||||||
} {
|
} {
|
||||||
hostNames = [ "vaultwarden.c3d2.de" ];
|
hostNames = [ "vaultwarden.c3d2.de" ];
|
||||||
proxyTo.host = hostRegistry.vaultwarden.ip4;
|
proxyTo.host = hostRegistry.vaultwarden.ip4;
|
||||||
|
# TODO: enable in vaultwarden
|
||||||
|
# proxyProtocol = true;
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
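Review bot: The TODO on the `drkkr.hq.c3d2.de` entry reads `# TODO: enable in pipebert`, but the entry proxies to `hostRegistry.pulsebert.ip4`; if that is the same machine the comment should read `# TODO: enable in pulsebert` so the follow-up can be found by searching for the host name. The `mobilizon.c3d2.de` and `owncast.c3d2.de` entries carry neither `proxyProtocol = true;` nor a TODO, so with the option default now `false` they stay on the plain port with nothing marking whether that is intended; an explicit `proxyProtocol = false;` or a matching TODO would make the intent visible. Until the TODO hosts are switched, those backends presumably see the proxy's address rather than the client's unless the old method conveys it another way, which matters most for login throttling and audit logs on `vaultwarden.c3d2.de`. Entries that fall between the hunks are not visible here and may need the same treatment.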
@ -73,7 +73,7 @@ in
|
||||||
|
|
||||||
proxyProtocol = lib.mkOption {
|
proxyProtocol = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = true;
|
default = false;
|
||||||
description = "Whether to use proxy protocol to connect to the server.";
|
description = "Whether to use proxy protocol to connect to the server.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -137,8 +137,10 @@ in
|
||||||
lib.concatMapStrings (hostname: ''
|
lib.concatMapStrings (hostname: ''
|
||||||
|
|
||||||
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
||||||
server ${canonicalize hostname}-http ${proxyTo.host}:${toString proxyTo.httpPort} check ${lib.optionalString proxyProtocol "backup"}
|
server ${canonicalize hostname}-http ${proxyTo.host}:${
|
||||||
${lib.optionalString proxyProtocol "server ${canonicalize hostname}-proxy-http ${proxyTo.host}:${toString proxyTo.proxyHttpPort} check send-proxy-v2"}
|
if proxyProtocol then "${toString proxyTo.proxyHttpPort} check send-proxy-v2"
|
||||||
|
else "${toString proxyTo.httpPort} check"
|
||||||
|
}
|
||||||
'') hostNames
|
'') hostNames
|
||||||
)
|
)
|
||||||
) cfg.proxyHosts
|
) cfg.proxyHosts
|
||||||
|
@ -159,8 +161,10 @@ in
|
||||||
${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: ''
|
${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: ''
|
||||||
|
|
||||||
backend ${canonicalize proxyTo.host}-https
|
backend ${canonicalize proxyTo.host}-https
|
||||||
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${toString proxyTo.httpsPort} check ${lib.optionalString proxyProtocol "backup"}
|
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
|
||||||
${lib.optionalString proxyProtocol "server ${canonicalize proxyTo.host}-proxy-https ${proxyTo.host}:${toString proxyTo.proxyHttpsPort} check send-proxy-v2"}
|
if proxyProtocol then "${toString proxyTo.proxyHttpsPort} check send-proxy-v2"
|
||||||
|
else "${toString proxyTo.httpsPort} check"
|
||||||
|
}
|
||||||
'') cfg.proxyHosts}
|
'') cfg.proxyHosts}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
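Review bot: The `proxyProtocol` option description, `"Whether to use proxy protocol to connect to the server."`, no longer tells an operator what enabling it does: in both `server` lines the new `if proxyProtocol then … else …` sends all traffic to `proxyHttpPort`/`proxyHttpsPort` with `send-proxy-v2` and drops the plain-port server that used to remain as `backup`. I would extend the description to something like `"Send PROXY protocol v2 to proxyTo.proxyHttpPort/proxyHttpsPort instead of the plain ports; the backend must listen there and accept PROXY headers only from this proxy."`. The last clause matters because a backend that accepts a PROXY header from any peer lets that peer assert an arbitrary client address, so the proxy port should be restricted to the proxy (firewall, or `set_real_ip_from` on nginx backends). The surrounding `concatMapStrings` bodies begin outside the hunks.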
@ -3,16 +3,15 @@ _:
|
||||||
{
|
{
|
||||||
defaultListen = let
|
defaultListen = let
|
||||||
listen = [
|
listen = [
|
||||||
# breaks satisfy any
|
{
|
||||||
# {
|
addr = "[::]";
|
||||||
# addr = "[::]";
|
port = 80;
|
||||||
# port = 80;
|
}
|
||||||
# }
|
{
|
||||||
# {
|
addr = "[::]";
|
||||||
# addr = "[::]";
|
port = 443;
|
||||||
# port = 443;
|
ssl = true;
|
||||||
# ssl = true;
|
}
|
||||||
# }
|
|
||||||
{
|
{
|
||||||
addr = "[::]";
|
addr = "[::]";
|
||||||
port = 8080;
|
port = 8080;
|
||||||
|
|
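Review bot: Re-enabling the `[::]:80` and `[::]:443` listeners deletes the `# breaks satisfy any` comment without recording why that concern no longer applies. If the breakage was that proxied requests arriving on these plain ports carry the proxy's source address, then any vhost combining `satisfy any` with an `allow` rule that covers the proxy would admit those requests without authentication; this is inferred from the removed comment, not visible in the hunk. I would keep a caveat above the two entries, e.g. `# plain listeners: proxied requests arrive with the proxy's address, do not rely on allow / satisfy any here`, or state in the commit message what changed. The `listen` list continues past the end of the hunk.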