nix-infra/config/hosts/web-public-2/nginx.nix

{ ... }:
{
  imports = [
    ./virtualHosts
  ];

  services.nginx = {
    enable = true;

    eventsConfig = ''
      worker_connections 1024;
    '';

    appendConfig = ''
      worker_processes auto;

      stream {
        map $ssl_preread_server_name $address {
          anisync.grzb.de 127.0.0.1:8443;
          birdsite.nekover.se 10.202.41.107:8443;
          cloud.nekover.se 10.202.41.122:8443;
          element.nekover.se 127.0.0.1:8443;
          gameserver.grzb.de 127.0.0.1:8443;
          git.grzb.de 127.0.0.1:8443;
          hydra.nekover.se 10.202.41.121:8443;
          matrix.nekover.se 10.202.41.112:8443;
          mewtube.nekover.se 127.0.0.1:8443;
          nekover.se 127.0.0.1:8443;
          nix-cache.nekover.se 10.202.41.121:8443;
          social.nekover.se 10.202.41.104:8443;
        }
        server {
          listen 0.0.0.0:443;
          listen [::]:443;
          proxy_pass $address;
          ssl_preread on;
          proxy_protocol on;
        }
      }
    '';

    appendHttpConfig = ''
      add_header Strict-Transport-Security "max-age=63072000" always;
    '';
  };
}
Add janky nginx config with workaround for proxy protocol 2023-07-24 01:12:36 +02:00			`{ ... }:`
Work on hydra config, fix tor relay config, prepare web-public-2 host 2023-07-18 17:23:46 +02:00			`{`
Add janky nginx config with workaround for proxy protocol 2023-07-24 01:12:36 +02:00			`imports = [`
			`./virtualHosts`
			`];`

Work on hydra config, fix tor relay config, prepare web-public-2 host 2023-07-18 17:23:46 +02:00			`services.nginx = {`
			`enable = true;`
Add config for public reverse proxy 2023-07-20 06:29:15 +02:00
Increase worker_connections and set worker_processes to auto 2023-10-07 02:42:26 +02:00			`eventsConfig = ''`
			`worker_connections 1024;`
			`'';`

			`appendConfig = ''`
			`worker_processes auto;`
Use stable channel and use helper function for acme challenge proxy 2023-10-10 15:21:16 +02:00
			`stream {`
			`map $ssl_preread_server_name $address {`
			`anisync.grzb.de 127.0.0.1:8443;`
			`birdsite.nekover.se 10.202.41.107:8443;`
			`cloud.nekover.se 10.202.41.122:8443;`
			`element.nekover.se 127.0.0.1:8443;`
			`gameserver.grzb.de 127.0.0.1:8443;`
			`git.grzb.de 127.0.0.1:8443;`
			`hydra.nekover.se 10.202.41.121:8443;`
			`matrix.nekover.se 10.202.41.112:8443;`
			`mewtube.nekover.se 127.0.0.1:8443;`
			`nekover.se 127.0.0.1:8443;`
			`nix-cache.nekover.se 10.202.41.121:8443;`
			`social.nekover.se 10.202.41.104:8443;`
			`}`
			`server {`
			`listen 0.0.0.0:443;`
			`listen [::]:443;`
			`proxy_pass $address;`
			`ssl_preread on;`
			`proxy_protocol on;`
			`}`
			`}`
Increase worker_connections and set worker_processes to auto 2023-10-07 02:42:26 +02:00			`'';`

Add janky nginx config with workaround for proxy protocol 2023-07-24 01:12:36 +02:00			`appendHttpConfig = ''`
			`add_header Strict-Transport-Security "max-age=63072000" always;`
			`'';`
Work on hydra config, fix tor relay config, prepare web-public-2 host 2023-07-18 17:23:46 +02:00			`};`
			`}`