|
|
|
@ -6,7 +6,7 @@ let
|
|
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
|
|
|
|
|
options.my.serices.proxy = {
|
|
|
|
|
options.my.services.proxy = {
|
|
|
|
|
|
|
|
|
|
enable = mkOption {
|
|
|
|
|
default = false;
|
|
|
|
@ -22,7 +22,7 @@ in {
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
default = [];
|
|
|
|
|
description = ''
|
|
|
|
|
Proxy these hostnames.
|
|
|
|
|
Proxy these hostNames.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
proxyTo = mkOption {
|
|
|
|
@ -58,6 +58,7 @@ in {
|
|
|
|
|
'';
|
|
|
|
|
default = {};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}));
|
|
|
|
|
default = [];
|
|
|
|
@ -75,20 +76,28 @@ in {
|
|
|
|
|
services.haproxy = {
|
|
|
|
|
enable = true;
|
|
|
|
|
config = ''
|
|
|
|
|
resolvers dns
|
|
|
|
|
nameservers quad9 9.9.9.9:53
|
|
|
|
|
hold valid 1s
|
|
|
|
|
|
|
|
|
|
frontend http-in
|
|
|
|
|
bind *:80
|
|
|
|
|
default_backend proxy-backend-http
|
|
|
|
|
|
|
|
|
|
backend proxy-backend-http
|
|
|
|
|
${concatMapStringSep "\n" (proxyHost:
|
|
|
|
|
timeout connect 5000
|
|
|
|
|
timeout check 5000
|
|
|
|
|
timeout client 30000
|
|
|
|
|
timeout server 30000
|
|
|
|
|
${concatMapStringsSep "\n" (proxyHost:
|
|
|
|
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
|
|
|
|
concatMapStringSep "\n" (hostname: ''
|
|
|
|
|
concatMapStringsSep "\n" (hostname: ''
|
|
|
|
|
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
|
|
|
|
server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0
|
|
|
|
|
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
|
|
|
|
|
''
|
|
|
|
|
) (attrValues proxyHost.hostnames)
|
|
|
|
|
) (proxyHost.hostNames)
|
|
|
|
|
)
|
|
|
|
|
) (attrValues cfg.proxyHosts)
|
|
|
|
|
) (cfg.proxyHosts)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
frontend https-in
|
|
|
|
@ -96,17 +105,21 @@ in {
|
|
|
|
|
default_backend proxy-backend-https
|
|
|
|
|
|
|
|
|
|
backend proxy-backend-https
|
|
|
|
|
${concatMapStringSep "\n" (proxyHost:
|
|
|
|
|
timeout connect 5000
|
|
|
|
|
timeout check 5000
|
|
|
|
|
timeout client 30000
|
|
|
|
|
timeout server 30000
|
|
|
|
|
${concatMapStringsSep "\n" (proxyHost:
|
|
|
|
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
|
|
|
|
concatMapStringSep "\n" (hostname: ''
|
|
|
|
|
concatMapStringsSep "\n" (hostname: ''
|
|
|
|
|
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
|
|
|
|
server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0
|
|
|
|
|
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
|
|
|
|
|
''
|
|
|
|
|
) (attrValues proxyHost.hostnames)
|
|
|
|
|
) (proxyHost.hostNames)
|
|
|
|
|
)
|
|
|
|
|
) (attrValues cfg.proxyHosts)
|
|
|
|
|
) (cfg.proxyHosts)
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
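Review bot: The new `resolvers dns` section hard-codes a public resolver (`nameservers quad9 9.9.9.9:53`) reached over plaintext DNS, and with `resolvers dns` now on both `server` lines those answers decide where every proxied hostname is sent. For `proxy-backend-http` nothing downstream authenticates the target, so a spoofed or on-path answer silently redirects port-80 traffic. The `req.ssl_sni` backend looks like TLS passthrough, where the client's certificate check would limit the damage, but the https frontend's mode is outside the visible hunks. Hard-coding the resolver also discloses every `proxyTo.host` name to a third party and cannot resolve internal-only names, so I would expose the nameserver as a module option defaulting to a local validating resolver, e.g. `nameservers local 127.0.0.1:53`. `hold valid 1s` is well below HAProxy's 10s default and deserves a comment saying why, e.g. `# short hold: backends change address frequently`.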