From e925dfd0c5da50c65174dd8c90a40970a6e02a36 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Wed, 14 Jul 2021 18:53:12 +0200
Subject: [PATCH] public-access-proxy: fix settings

---
 .../containers/public-access-proxy/proxy.nix  | 31 +++++++++----------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/hosts/containers/public-access-proxy/proxy.nix b/hosts/containers/public-access-proxy/proxy.nix
index 8f035fc4..a8ca2808 100644
--- a/hosts/containers/public-access-proxy/proxy.nix
+++ b/hosts/containers/public-access-proxy/proxy.nix
@@ -76,16 +76,18 @@ in {
     services.haproxy = {
       enable = true;
       config = ''
+        defaults
+          timeout client 30000
+          timeout connect 5000
+          timeout check 5000
+          timeout server 30000
+
         frontend http-in
           bind :::80 v4v6
-          timeout client 30000
           option http-keep-alive
           default_backend proxy-backend-http
 
         backend proxy-backend-http
-          timeout connect 5000
-          timeout check 5000
-          timeout server 30000
           mode http
           option http-server-close
           option forwardfor
@@ -99,33 +101,28 @@ in {
                 use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
                 server ${hostname}-http ${proxyHost.proxyTo.host}:${
                   toString proxyHost.proxyTo.httpPort
-                }
+                } weight 0
               '') (proxyHost.hostNames))) (cfg.proxyHosts)
           }
 
         frontend https-in
           bind :::443 v4v6
-          timeout client 30000
+          tcp-request inspect-delay 5s
+          tcp-request content accept if { req_ssl_hello_type 1 }
           default_backend proxy-backend-https
 
         backend proxy-backend-https
-          timeout connect 5000
-          timeout check 5000
-          timeout server 30000
-          option http-server-close
-          http-request set-header X-Forwarded-Proto https
-          http-request set-header X-Forwarded-Port 443
-          ${
-            concatMapStringsSep "\n" (proxyHost:
-              optionalString
+        ${
+          concatMapStringsSep "\n" (proxyHost:
+            optionalString
               (proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null)
               (concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
                 server ${hostname}-https ${proxyHost.proxyTo.host}:${
                   toString proxyHost.proxyTo.httpsPort
-                }
+                } weight 0
               '') (proxyHost.hostNames))) (cfg.proxyHosts)
-          }
+        }
       '';
     };
   };