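{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.my.services.proxy;

  # A proxyHost only contributes HAProxy rules when it lists at least one
  # hostname and has a destination host; otherwise it is skipped silently.
  isRoutable = proxyHost:
    proxyHost.hostNames != [ ] && proxyHost.proxyTo.host != null;

  # Every hostname across all proxyHosts, duplicates included. Used to enforce
  # the "each hostname only once" rule documented on proxyTo.host: the hostname
  # doubles as the HAProxy server name, so it must be unique per backend.
  allHostNames = concatMap (proxyHost: proxyHost.hostNames) cfg.proxyHosts;

  # Render one `use-server` + `server` pair per hostname of every routable
  # proxyHost. `scheme` suffixes the server name ("http"/"https"), `acl` is the
  # HAProxy fetch the hostname is matched against, and `port` selects the
  # destination port from the proxyTo submodule.
  # NOTE: hostNames and proxyTo.host are interpolated verbatim into the HAProxy
  # config. They come from this machine's NixOS configuration, so a value
  # containing whitespace or braces would yield a malformed config rather than
  # a clean failure.
  renderServers = { scheme, acl, port }:
    concatMapStringsSep "\n" (proxyHost:
      optionalString (isRoutable proxyHost)
        (concatMapStringsSep "\n" (hostname: ''
          use-server ${hostname}-${scheme} if { ${acl} -i ${hostname} }
          server ${hostname}-${scheme} ${proxyHost.proxyTo.host}:${toString (port proxyHost.proxyTo)}
        '') proxyHost.hostNames)) cfg.proxyHosts;
in {
  options.my.services.proxy = {
    enable = mkOption {
      default = false;
      description = "whether to enable proxy";
      type = types.bool;
    };

    proxyHosts = mkOption {
      type = types.listOf (types.submodule ({
        options = {
          hostNames = mkOption {
            type = types.listOf types.str;
            default = [ ];
            description = ''
              Proxy these hostNames.
            '';
          };
          proxyTo = mkOption {
            type = types.submodule ({
              options = {
                host = mkOption {
                  # types.string is deprecated in nixpkgs (it silently
                  # concatenates merged definitions); types.str is the
                  # single-value string type intended here.
                  type = types.nullOr types.str;
                  default = null;
                  description = ''
                    Host to forward traffic to.
                    Any hostname may only be used once
                  '';
                };
                httpPort = mkOption {
                  type = types.int;
                  default = 80;
                  description = ''
                    Port to forward http to.
                  '';
                };
                httpsPort = mkOption {
                  type = types.int;
                  default = 443;
                  description = ''
                    Port to forward https to.
                  '';
                };
              };
            });
            description = ''
              { host = /* ip or fqdn */; httpPort = 80; httpsPort = 443; } to proxy to
            '';
            default = { };
          };
        };
      }));
      default = [ ];
      example = [{
        hostNames = [ "test.hq.c3d2.de" "test.c3d2.de" ];
        proxyTo = {
          host = "172.22.99.99";
          httpPort = 80;
          httpsPort = 443;
        };
      }];
    };
  };

  config = mkIf cfg.enable {
    # Duplicate hostnames would produce duplicate `server` names in a backend
    # and make the `use-server` selection ambiguous; fail evaluation instead.
    assertions = [{
      assertion = length allHostNames == length (unique allHostNames);
      message = "my.services.proxy: every hostname in proxyHosts.*.hostNames may only be used once";
    }];

    services.haproxy = {
      enable = true;
      # NOTE(review): a request whose Host header / SNI matches none of the
      # `use-server` rules is not rejected; HAProxy falls back to its default
      # load balancing over all servers of the backend. Add an explicit
      # catch-all (e.g. a deny rule or dedicated backend) if that is unwanted.
      # NOTE(review): `req.ssl_sni` reads the TLS ClientHello, which is only
      # available in TCP mode (with `tcp-request inspect-delay`), whereas the
      # `http-request set-header` lines in proxy-backend-https need HTTP mode.
      # Confirm which mode this backend is meant to run in.
      config = ''
        frontend http-in
          bind :::80 v4v6
          timeout client 30000
          option http-keep-alive
          default_backend proxy-backend-http

        backend proxy-backend-http
          timeout connect 5000
          timeout check 5000
          timeout server 30000
          mode http
          option http-server-close
          option forwardfor
          http-request set-header X-Forwarded-Proto http
          http-request set-header X-Forwarded-Port 80
          ${renderServers {
            scheme = "http";
            acl = "req.hdr(host)";
            port = proxyTo: proxyTo.httpPort;
          }}

        frontend https-in
          bind :::443 v4v6
          timeout client 30000
          default_backend proxy-backend-https

        backend proxy-backend-https
          timeout connect 5000
          timeout check 5000
          timeout server 30000
          option http-server-close
          http-request set-header X-Forwarded-Proto https
          http-request set-header X-Forwarded-Port 443
          ${renderServers {
            scheme = "https";
            acl = "req.ssl_sni";
            port = proxyTo: proxyTo.httpsPort;
          }}
      '';
    };
  };
}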