storage-ng/public-address-proxy: fixed errors
Markus Schmidl
parent
79db592b0a
commit
bc1118fccf
|
|
@ -28,15 +28,15 @@
|
|||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "prohibit-password";
|
||||
permitRootLogin = "yes";
|
||||
ports = [ 1122 ];
|
||||
};
|
||||
|
||||
services.my.proxy = {
|
||||
my.services.proxy = {
|
||||
enable = true;
|
||||
proxyHosts = [
|
||||
{
|
||||
hostNames = [ "mdm.arkom.men" ];
|
||||
hostNames = [ "c3d2.arkom.men" "test.arkom.men" ];
|
||||
proxyTo = { host = "cloud.bombenverleih.de"; httpPort = 80; httpsPort = 443; };
|
||||
}
|
||||
];
|
||||
|
|
@ -47,12 +47,6 @@
|
|||
443
|
||||
];
|
||||
|
||||
users.extraUsers.k-ot = {
|
||||
inNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
|
||||
system.stateVersion = "18.09"; # Did you read the comment?
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ let
|
|||
|
||||
in {
|
||||
|
||||
options.my.serices.proxy = {
|
||||
options.my.services.proxy = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
|
|
@ -22,7 +22,7 @@ in {
|
|||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Proxy these hostnames.
|
||||
Proxy these hostNames.
|
||||
'';
|
||||
};
|
||||
proxyTo = mkOption {
|
||||
|
|
@ -58,6 +58,7 @@ in {
|
|||
'';
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
||||
}));
|
||||
default = [];
|
||||
|
|
@ -75,20 +76,28 @@ in {
|
|||
services.haproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
resolvers dns
|
||||
nameservers quad9 9.9.9.9:53
|
||||
hold valid 1s
|
||||
|
||||
frontend http-in
|
||||
bind *:80
|
||||
default_backend proxy-backend-http
|
||||
|
||||
backend proxy-backend-http
|
||||
${concatMapStringSep "\n" (proxyHost:
|
||||
timeout connect 5000
|
||||
timeout check 5000
|
||||
timeout client 30000
|
||||
timeout server 30000
|
||||
${concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||
concatMapStringSep "\n" (hostname: ''
|
||||
concatMapStringsSep "\n" (hostname: ''
|
||||
use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
|
||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0
|
||||
server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
|
||||
''
|
||||
) (attrValues proxyHost.hostnames)
|
||||
) (proxyHost.hostNames)
|
||||
)
|
||||
) (attrValues cfg.proxyHosts)
|
||||
) (cfg.proxyHosts)
|
||||
}
|
||||
|
||||
frontend https-in
|
||||
|
|
@ -96,17 +105,21 @@ in {
|
|||
default_backend proxy-backend-https
|
||||
|
||||
backend proxy-backend-https
|
||||
${concatMapStringSep "\n" (proxyHost:
|
||||
timeout connect 5000
|
||||
timeout check 5000
|
||||
timeout client 30000
|
||||
timeout server 30000
|
||||
${concatMapStringsSep "\n" (proxyHost:
|
||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||
concatMapStringSep "\n" (hostname: ''
|
||||
concatMapStringsSep "\n" (hostname: ''
|
||||
use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
|
||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0
|
||||
server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
|
||||
''
|
||||
) (attrValues proxyHost.hostnames)
|
||||
) (proxyHost.hostNames)
|
||||
)
|
||||
) (attrValues cfg.proxyHosts)
|
||||
) (cfg.proxyHosts)
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue