storage-ng/public-address-proxy: fixed errors

4 years ago · bc1118fccf
parent 79db592b0a
commit bc1118fccf
2 changed files with 29 additions and 22 deletions
--- a/hosts/storage-ng/public-access-proxy/configuration.nix
+++ b/hosts/storage-ng/public-access-proxy/configuration.nix
@ -28,15 +28,15 @@

  services.openssh = {
    enable = true;
-    permitRootLogin = "prohibit-password";
+    permitRootLogin = "yes";
    ports = [ 1122 ];
  };

-  services.my.proxy = {
+  my.services.proxy = {
    enable = true;
    proxyHosts = [
      {
-        hostNames = [ "mdm.arkom.men" ];
+        hostNames = [ "c3d2.arkom.men" "test.arkom.men" ];
        proxyTo = { host = "cloud.bombenverleih.de"; httpPort = 80; httpsPort = 443; };
      }
    ];
@ -47,12 +47,6 @@
    443
   ];

-  users.extraUsers.k-ot = {
-    inNormalUser = true;
-    uid = 1000;
-    extraGroups = [ "wheel" ];
-  };
-
  system.stateVersion = "18.09"; # Did you read the comment?

 }
--- a/hosts/storage-ng/public-access-proxy/proxy.nix
+++ b/hosts/storage-ng/public-access-proxy/proxy.nix
@ -6,7 +6,7 @@ let

 in {

-  options.my.serices.proxy = {
+  options.my.services.proxy = {

    enable = mkOption {
      default = false;
@ -22,7 +22,7 @@ in {
              type = types.listOf types.str;
              default = [];
              description = ''
-                Proxy these hostnames.
+                Proxy these hostNames.
              '';
            };
            proxyTo = mkOption {
@ -58,6 +58,7 @@ in {
              '';
              default = {};
            };
+          };

        }));
      default = [];
@ -75,20 +76,28 @@ in {
    services.haproxy = {
      enable = true;
      config = ''
+        resolvers dns
+          nameservers quad9 9.9.9.9:53
+          hold valid 1s
+
        frontend http-in
          bind *:80
          default_backend proxy-backend-http
  
        backend proxy-backend-http
-          ${concatMapStringSep "\n" (proxyHost:
+          timeout connect 5000
+          timeout check 5000
+          timeout client 30000
+          timeout server 30000
+          ${concatMapStringsSep "\n" (proxyHost:
            optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
-              concatMapStringSep "\n" (hostname: ''
+              concatMapStringsSep "\n" (hostname: ''
                use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
-                server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0
+                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
              ''
-              ) (attrValues proxyHost.hostnames)
+              ) (proxyHost.hostNames)
            )
-          ) (attrValues cfg.proxyHosts)
+          ) (cfg.proxyHosts)
          }

        frontend https-in
@ -96,17 +105,21 @@ in {
          default_backend proxy-backend-https

        backend proxy-backend-https
-          ${concatMapStringSep "\n" (proxyHost:
+          timeout connect 5000
+          timeout check 5000
+          timeout client 30000
+          timeout server 30000
+          ${concatMapStringsSep "\n" (proxyHost:
            optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
-              concatMapStringSep "\n" (hostname: ''
+              concatMapStringsSep "\n" (hostname: ''
                use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
-                server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0
+                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
              ''
-              ) (attrValues proxyHost.hostnames)
+              ) (proxyHost.hostNames)
            )
-          ) (attrValues cfg.proxyHosts)
+          ) (cfg.proxyHosts)
          }
      '';
    };
-
+  };
 }