From 1c268bbea6a0d08ab14bb32019495b0d8a8b9acd Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 3 Sep 2023 17:43:41 +0200 Subject: [PATCH] Just do the nginx proxy_protocol listen in extraConfig and use stable packages --- hosts.nix | 3 --- hosts/hydra/nginx.nix | 31 +++++++++++++++---------------- hosts/nextcloud/nextcloud.nix | 14 ++------------ hosts/nitter/nginx.nix | 18 ++++++------------ 4 files changed, 23 insertions(+), 43 deletions(-) diff --git a/hosts.nix b/hosts.nix index d608e79..177da2d 100644 --- a/hosts.nix +++ b/hosts.nix @@ -24,7 +24,6 @@ let in generateDefaults { hydra = { - hostNixpkgs = nixpkgs-unstable; site = "vs"; }; iperf = { @@ -47,11 +46,9 @@ in site = "vs"; }; nextcloud = { - hostNixpkgs = nixpkgs-unstable; site = "vs"; }; nitter = { - hostNixpkgs = nixpkgs-unstable; site = "vs"; }; coturn = { diff --git a/hosts/hydra/nginx.nix b/hosts/hydra/nginx.nix index e313c2d..5a15fe1 100644 --- a/hosts/hydra/nginx.nix +++ b/hosts/hydra/nginx.nix @@ -3,41 +3,40 @@ services.nginx = { enable = true; virtualHosts = { - "hydra.nekover.se" = { forceSSL = true; enableACME = true; listen = [{ - addr = "127.0.0.1"; - port = 1234; - }{ addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; + port = 80; }]; locations."/" = { proxyPass = "http://localhost:3001"; }; - }; + extraConfig = '' + listen 0.0.0.0:8443 http2 ssl proxy_protocol; + set_real_ip_from 10.202.41.100; + real_ip_header proxy_protocol; + ''; + }; "nix-cache.nekover.se" = { forceSSL = true; enableACME = true; - listen = [{ - addr = "127.0.0.1"; - port = 1234; - }{ + listen = [ { addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; + port = 80; }]; locations."/" = { proxyPass = "http://localhost:5005"; }; + extraConfig = '' + listen 0.0.0.0:8443 http2 ssl proxy_protocol; + + set_real_ip_from 10.202.41.100; + real_ip_header proxy_protocol; + ''; }; - }; }; } diff --git a/hosts/nextcloud/nextcloud.nix b/hosts/nextcloud/nextcloud.nix index d09b0fb..dd3a328 100644 
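Review bot: The `listen 0.0.0.0:8443 http2 ssl proxy_protocol;` line added to both virtualHosts in hosts/hydra/nginx.nix accepts a PROXY header from any peer that can reach port 8443, while `set_real_ip_from` names only 10.202.41.100 as the trusted sender. The realip module should still leave `$remote_addr` alone for other peers, but `$proxy_protocol_addr` is filled from whatever header the peer sends. It is worth confirming that the host firewall admits 8443 only from 10.202.41.100 and recording that above `extraConfig`, e.g. `# 8443 must only be reachable from the proxy at 10.202.41.100; the PROXY header is not authenticated`. The same directives are added in the nextcloud and nitter hunks, so the trusted address is now written four times; a shared `let` binding for the snippet would keep it in one place.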
--- a/hosts/nextcloud/nextcloud.nix +++ b/hosts/nextcloud/nextcloud.nix @@ -41,19 +41,9 @@ virtualHosts.${config.services.nextcloud.hostName} = { forceSSL = true; enableACME = true; - listen = [ - { - addr = "localhost"; - port = 1234; - } # workaround for enableACME check - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; extraConfig = '' + listen 0.0.0.0:8443 http2 ssl proxy_protocol; + set_real_ip_from 10.202.41.100; real_ip_header proxy_protocol; ''; diff --git a/hosts/nitter/nginx.nix b/hosts/nitter/nginx.nix index d0f47ed..862405c 100644 --- a/hosts/nitter/nginx.nix +++ b/hosts/nitter/nginx.nix @@ -5,18 +5,6 @@ virtualHosts."birdsite.nekover.se" = { forceSSL = true; enableACME = true; - listen = [ - { - addr = "localhost"; - port = 1234; - } # workaround for enableACME check - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; locations."/robots.txt" = { return = "200 \"User-agent: *\\nDisallow: /\\n\""; }; @@ -24,6 +12,12 @@ proxyPass = "http://${config.services.nitter.server.address}:${builtins.toString config.services.nitter.server.port}"; proxyWebsockets = true; }; + extraConfig = '' + listen 0.0.0.0:8443 http2 ssl proxy_protocol; + + set_real_ip_from 10.202.41.100; + real_ip_header proxy_protocol; + ''; }; }; }
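Review bot: Removing the `listen` list outright in hosts/nextcloud/nextcloud.nix, and likewise in the first hosts/nitter/nginx.nix hunk, leaves these virtualHosts on the NixOS nginx module's default listeners, whereas the hydra virtualHosts in this commit pin `listen` to `0.0.0.0` port 80. If I read the module correctly, `forceSSL = true` with no `listen` also opens a TLS listener on 443 without `proxy_protocol`. Requests arriving there bypass the proxy path and are seen with their socket address, so logging and any address-based rules behave differently on 443 and 8443. Either confirm 443 is closed in the firewall on these hosts, or match hydra with `listen = [{ addr = "0.0.0.0"; port = 80; }];` so that 8443 stays the only TLS entry point.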