fruchti/hosts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

TLS SNI: Use proxy protocol

Browse source
This commit is contained in:
fruchti 2025-07-04 09:21:57 +02:00
parent a9e5a7e83d
commit 469fcbcbe8
1 changed files with 29 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

32
hosts/tls_sni.nix
View file

@ -9,7 +9,7 @@
} }
upstream rupert { upstream rupert {
server rupert.gvfr.de:443; server rupert.gvfr.de:4431;
} }
upstream localserv { upstream localserv {
@ -18,16 +18,42 @@
server { server {
listen 443; listen 443;
ssl_preread on;
# proxy_connect_timeout 1s; # proxy_connect_timeout 1s;
# proxy_timeout 3s; # proxy_timeout 3s;
# resolver 1.1.1.1; # resolver 1.1.1.1;
proxy_pass $target_backend; proxy_pass $target_backend;
ssl_preread on; proxy_next_upstream off;
proxy_protocol on;
} }
''; '';
defaultSSLListenPort = 4431; defaultListen = [
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
{
addr = "[::0]";
port = 80;
ssl = false;
}
{
addr = "0.0.0.0";
port = 4431;
ssl = true;
proxyProtocol = true;
}
{
addr = "[::0]";
port = 4431;
ssl = true;
proxyProtocol = true;
}
];
}; };
} }