Route IPv6 traffic via valkyrie

config/hosts/web-public-2/nginx.nix

@@ -38,7 +38,6 @@
         }
         server {
           listen 0.0.0.0:443;
-          listen [::]:443;
           proxy_pass $address;
           ssl_preread on;
           proxy_protocol on;

config/hosts/web-public-2/virtualHosts/element-admin.nekover.se.nix

@@ -37,7 +37,7 @@ in
     enableACME = true;
 
     listen = [{
-      addr = "localhost";
+      addr = "0.0.0.0";
       port = 8443;
       ssl = true;
       extraParameters = ["proxy_protocol"];
@@ -86,7 +86,8 @@ in
       # $remote_port to the client address and client port, when using proxy
       # protocol.
       # First set our proxy protocol proxy as trusted.
-      set_real_ip_from 127.0.0.1;
+      set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
+      set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
       # Then tell the realip_module to get the addreses from the proxy protocol
       # header.
       real_ip_header proxy_protocol;

config/hosts/web-public-2/virtualHosts/element.nekover.se.nix

@@ -28,7 +28,7 @@ in
       ];
     };
     listen = [{
-      addr = "localhost";
+      addr = "0.0.0.0";
       port = 8443;
       ssl = true;
       extraParameters = ["proxy_protocol"];
@@ -60,7 +60,8 @@ in
       # redirect server error pages to the static page /50x.html
       error_page   500 502 503 504  /50x.html;
 
-      set_real_ip_from 127.0.0.1;
+      set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
+      set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
       real_ip_header proxy_protocol;
     '';
   };

config/hosts/web-public-2/virtualHosts/nekover.se.nix

@@ -23,7 +23,8 @@
       '';
     };
     extraConfig = ''
-      set_real_ip_from 127.0.0.1;
+      set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
+      set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
       real_ip_header proxy_protocol;
     '';
   };