From f19436b1786c70af02a8edd58755d3cb1e4b2788 Mon Sep 17 00:00:00 2001
From: fi <fiona@grzb.de>
Date: Tue, 7 Apr 2026 21:51:50 +0200
Subject: [PATCH] Allow proxy protocol to reverse proxy

---
 config/hosts/web-public-2/configuration.nix    |  2 +-
 .../virtualHosts/element.nekover.se.nix        | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/config/hosts/web-public-2/configuration.nix b/config/hosts/web-public-2/configuration.nix
index 94e74b6..e942787 100644
--- a/config/hosts/web-public-2/configuration.nix
+++ b/config/hosts/web-public-2/configuration.nix
@@ -21,7 +21,7 @@
     hostName = "web-public-2";
     firewall = {
       enable = true;
-      allowedTCPPorts = [ 80 443 5000 8448 ];
+      allowedTCPPorts = [ 80 443 5000 8443 8448 ];
     };
   };
 
diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
index 6e61d6c..23a3212 100644
--- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
+++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
@@ -27,12 +27,18 @@ in
         ./element-web-config
       ];
     };
-    listen = [{
-      addr = "0.0.0.0";
-      port = 8443;
-      ssl = true;
-      extraParameters = ["proxy_protocol"];
-    }];
+    listen = [
+      {
+        addr = "0.0.0.0";
+        port = 80;
+      }
+      {
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }
+    ];
 
     # Set no-cache for the version, config and index.html
     # so that browsers always check for a new copy of Element Web.