Browse Source

storage-ng/public-address-proxy: fixed errors

container/radius
Markus Schmidl 3 years ago
parent
commit
bc1118fccf
  1. 12
      hosts/storage-ng/public-access-proxy/configuration.nix
  2. 39
      hosts/storage-ng/public-access-proxy/proxy.nix

12
hosts/storage-ng/public-access-proxy/configuration.nix

@ -28,15 +28,15 @@
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
permitRootLogin = "yes";
ports = [ 1122 ];
};
services.my.proxy = {
my.services.proxy = {
enable = true;
proxyHosts = [
{
hostNames = [ "mdm.arkom.men" ];
hostNames = [ "c3d2.arkom.men" "test.arkom.men" ];
proxyTo = { host = "cloud.bombenverleih.de"; httpPort = 80; httpsPort = 443; };
}
];
@ -47,12 +47,6 @@
443
];
users.extraUsers.k-ot = {
inNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
};
system.stateVersion = "18.09"; # Did you read the comment?
}

39
hosts/storage-ng/public-access-proxy/proxy.nix

@ -6,7 +6,7 @@ let
in {
options.my.serices.proxy = {
options.my.services.proxy = {
enable = mkOption {
default = false;
@ -22,7 +22,7 @@ in {
type = types.listOf types.str;
default = [];
description = ''
Proxy these hostnames.
Proxy these hostNames.
'';
};
proxyTo = mkOption {
@ -58,6 +58,7 @@ in {
'';
default = {};
};
};
}));
default = [];
@ -75,20 +76,28 @@ in {
services.haproxy = {
enable = true;
config = ''
resolvers dns
nameservers quad9 9.9.9.9:53
hold valid 1s
frontend http-in
bind *:80
default_backend proxy-backend-http
backend proxy-backend-http
${concatMapStringSep "\n" (proxyHost:
timeout connect 5000
timeout check 5000
timeout client 30000
timeout server 30000
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringSep "\n" (hostname: ''
concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
''
) (attrValues proxyHost.hostnames)
) (proxyHost.hostNames)
)
) (attrValues cfg.proxyHosts)
) (cfg.proxyHosts)
}
frontend https-in
@ -96,17 +105,21 @@ in {
default_backend proxy-backend-https
backend proxy-backend-https
${concatMapStringSep "\n" (proxyHost:
timeout connect 5000
timeout check 5000
timeout client 30000
timeout server 30000
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringSep "\n" (hostname: ''
concatMapStringsSep "\n" (hostname: ''
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
''
) (attrValues proxyHost.hostnames)
) (proxyHost.hostNames)
)
) (attrValues cfg.proxyHosts)
) (cfg.proxyHosts)
}
'';
};
};
}

Loading…
Cancel
Save