Enable proxyProtocol not together with old proxy method

This commit is contained in:
Sandro - 2024-03-14 18:41:02 +01:00
parent 3a6c6384ee
commit 5560deef4c
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
3 changed files with 35 additions and 15 deletions


@ -15,6 +15,7 @@
proxyHosts = [ { proxyHosts = [ {
hostNames = [ "auth.c3d2.de" ]; hostNames = [ "auth.c3d2.de" ];
proxyTo.host = hostRegistry.auth.ip4; proxyTo.host = hostRegistry.auth.ip4;
proxyProtocol = true;
} { } {
hostNames = [ "jabber.c3d2.de" ]; hostNames = [ "jabber.c3d2.de" ];
proxyTo = { proxyTo = {
@ -78,6 +79,8 @@
"nix-cache.hq.c3d2.de" "nix-cache.hq.c3d2.de"
]; ];
proxyTo.host = hostRegistry.hydra.ip4; proxyTo.host = hostRegistry.hydra.ip4;
# TODO: enable in hydra
# proxyProtocol = true;
} { } {
hostNames = [ hostNames = [
"zentralwerk.org" "zentralwerk.org"
@ -87,18 +90,23 @@
} { } {
hostNames = [ "mate.c3d2.de" "matemat.c3d2.de" "matemat.hq.c3d2.de" ]; hostNames = [ "mate.c3d2.de" "matemat.c3d2.de" "matemat.hq.c3d2.de" ];
proxyTo.host = hostRegistry.matemat.ip4; proxyTo.host = hostRegistry.matemat.ip4;
proxyProtocol = true;
} { } {
hostNames = [ hostNames = [
"element.c3d2.de" "element.c3d2.de"
"matrix.c3d2.de" "matrix.c3d2.de"
]; ];
proxyTo.host = hostRegistry.matrix.ip4; proxyTo.host = hostRegistry.matrix.ip4;
# TODO: enable in matrix
# proxyProtocol = true;
} { } {
hostNames = [ "mobilizon.c3d2.de" ]; hostNames = [ "mobilizon.c3d2.de" ];
proxyTo.host = hostRegistry.mobilizon.ip4; proxyTo.host = hostRegistry.mobilizon.ip4;
} { } {
hostNames = [ "drkkr.hq.c3d2.de" ]; hostNames = [ "drkkr.hq.c3d2.de" ];
proxyTo.host = hostRegistry.pulsebert.ip4; proxyTo.host = hostRegistry.pulsebert.ip4;
# TODO: enable in pipebert
# proxyProtocol = true;
} { } {
hostNames = [ "scrape.hq.c3d2.de" ]; hostNames = [ "scrape.hq.c3d2.de" ];
proxyTo.host = hostRegistry.scrape.ip4; proxyTo.host = hostRegistry.scrape.ip4;
@ -119,12 +127,15 @@
} { } {
hostNames = [ "wiki.c3d2.de" ]; hostNames = [ "wiki.c3d2.de" ];
proxyTo.host = hostRegistry.mediawiki.ip4; proxyTo.host = hostRegistry.mediawiki.ip4;
proxyProtocol = true;
} { } {
hostNames = [ "owncast.c3d2.de" ]; hostNames = [ "owncast.c3d2.de" ];
proxyTo.host = hostRegistry.owncast.ip4; proxyTo.host = hostRegistry.owncast.ip4;
} { } {
hostNames = [ "c3d2.social" ]; hostNames = [ "c3d2.social" ];
proxyTo.host = hostRegistry.mastodon.ip4; proxyTo.host = hostRegistry.mastodon.ip4;
# TODO: enable in mastodon
# proxyProtocol = true;
} { } {
hostNames = [ "relay.fedi.buzz" ]; hostNames = [ "relay.fedi.buzz" ];
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay; proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
@ -135,12 +146,18 @@
} { } {
hostNames = [ "home-assistant.hq.c3d2.de" ]; hostNames = [ "home-assistant.hq.c3d2.de" ];
proxyTo.host = hostRegistry.home-assistant.ip4; proxyTo.host = hostRegistry.home-assistant.ip4;
# TODO: enable in home-assistant
# proxyProtocol = true;
} { } {
hostNames = [ "pretalx.c3d2.de" "talks.datenspuren.de" ]; hostNames = [ "pretalx.c3d2.de" "talks.datenspuren.de" ];
proxyTo.host = hostRegistry.pretalx.ip4; proxyTo.host = hostRegistry.pretalx.ip4;
# TODO: enable in pretalx
# proxyProtocol = true;
} { } {
hostNames = [ "vaultwarden.c3d2.de" ]; hostNames = [ "vaultwarden.c3d2.de" ];
proxyTo.host = hostRegistry.vaultwarden.ip4; proxyTo.host = hostRegistry.vaultwarden.ip4;
# TODO: enable in vaultwarden
# proxyProtocol = true;
} ]; } ];
}; };
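Review bot: The comment in the `drkkr.hq.c3d2.de` entry reads `# TODO: enable in pipebert` while the entry proxies to `hostRegistry.pulsebert.ip4`; presumably a typo, so `# TODO: enable in pulsebert`. Beyond that, since the module default is now `false`, every entry that still carries a commented-out `proxyProtocol = true` (hydra, matrix, pulsebert, mastodon, home-assistant, pretalx, vaultwarden) is from this commit on reached via its plain port and, if the https path is TCP passthrough as the backend definitions suggest, will see HAProxy's address as the peer instead of the real client; for backends that throttle or log by client IP — vaultwarden's login rate limiting in particular — it is worth confirming they still get the client address some other way. A one-line note next to each TODO stating what the backend has to do before the flag can be flipped, e.g. `# TODO: enable once vaultwarden accepts PROXY v2 on proxyHttpPort/proxyHttpsPort from this HAProxy only`, would keep these follow-ups actionable and encode the trust requirement.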


@ -73,7 +73,7 @@ in
proxyProtocol = lib.mkOption { proxyProtocol = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = false;
description = "Whether to use proxy protocol to connect to the server."; description = "Whether to use proxy protocol to connect to the server.";
}; };
@ -137,8 +137,10 @@ in
lib.concatMapStrings (hostname: '' lib.concatMapStrings (hostname: ''
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} } use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
server ${canonicalize hostname}-http ${proxyTo.host}:${toString proxyTo.httpPort} check ${lib.optionalString proxyProtocol "backup"} server ${canonicalize hostname}-http ${proxyTo.host}:${
${lib.optionalString proxyProtocol "server ${canonicalize hostname}-proxy-http ${proxyTo.host}:${toString proxyTo.proxyHttpPort} check send-proxy-v2"} if proxyProtocol then "${toString proxyTo.proxyHttpPort} check send-proxy-v2"
else "${toString proxyTo.httpPort} check"
}
'') hostNames '') hostNames
) )
) cfg.proxyHosts ) cfg.proxyHosts
@ -159,8 +161,10 @@ in
${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: '' ${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: ''
backend ${canonicalize proxyTo.host}-https backend ${canonicalize proxyTo.host}-https
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${toString proxyTo.httpsPort} check ${lib.optionalString proxyProtocol "backup"} server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
${lib.optionalString proxyProtocol "server ${canonicalize proxyTo.host}-proxy-https ${proxyTo.host}:${toString proxyTo.proxyHttpsPort} check send-proxy-v2"} if proxyProtocol then "${toString proxyTo.proxyHttpsPort} check send-proxy-v2"
else "${toString proxyTo.httpsPort} check"
}
'') cfg.proxyHosts} '') cfg.proxyHosts}
''; '';
}; };
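Review bot: The option description `Whether to use proxy protocol to connect to the server.` should state the trust requirement that `send-proxy-v2` introduces: the backend listening on proxyHttpPort/proxyHttpsPort takes the address in the PROXY header as the real client, so it must accept that header only from this HAProxy and must not expose that port to anyone else, otherwise any host that can reach the port can spoof a client IP. Suggested wording: `Whether to connect with the PROXY protocol (v2) on proxyHttpPort/proxyHttpsPort instead of the plain ports; the backend must accept PROXY headers from this host only, and the plain ports are no longer used as a fallback when this is set.` The flipped default (`false`) also changes the behaviour of every proxyHosts entry that does not set the option, which deserves a sentence in the description or the commit message. The `concatMapStrings` expressions these server lines sit in start and end outside the hunks.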


@ -3,16 +3,15 @@ _:
{ {
defaultListen = let defaultListen = let
listen = [ listen = [
# breaks satisfy any {
# { addr = "[::]";
# addr = "[::]"; port = 80;
# port = 80; }
# } {
# { addr = "[::]";
# addr = "[::]"; port = 443;
# port = 443; ssl = true;
# ssl = true; }
# }
{ {
addr = "[::]"; addr = "[::]";
port = 8080; port = 8080;