Add janky nginx config with workaround for proxy protocol

2023-07-24 01:12:36 +02:00 · 2023-07-24 01:12:36 +02:00 · ecfe325c9c
commit ecfe325c9c
parent ade955bdf4
14 changed files with 343 additions and 281 deletions
--- a/hosts/web-public-2/virtualHosts/element.nekover.se.nix
+++ b/hosts/web-public-2/virtualHosts/element.nekover.se.nix
@ -0,0 +1,33 @@
+{ ... }:
+{
+  services.nginx.virtualHosts."element.nekover.se" = {
+    forceSSL = true;
+    enableACME = true;
+    listen = [
+      {
+        addr = "0.0.0.0";
+        port = 80;
+      }
+      {
+        addr = "localhost";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }
+    ];
+    locations."/" = {
+      proxyPass = "http://element.vs.grzb.de";
+      recommendedProxySettings = false;
+      extraConfig = ''
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+      '';
+    };
+    extraConfig = ''
+      add_header X-Frame-Options SAMEORIGIN;
+      add_header X-Content-Type-Options nosniff;
+      add_header X-XSS-Protection "1; mode=block";
+      add_header Content-Security-Policy "frame-ancestors 'none'";
+    '';
+  };
+}