Add TLS-SNI forwarding for hedgedoc server

2023-09-07 09:01:47 +02:00 · 2023-09-07 09:01:47 +02:00 · e77307551f
parent 8dbb7477be
commit e77307551f
2 changed files with 33 additions and 0 deletions
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
@ -2,6 +2,7 @@
 {
    imports = [
        ./gitea.nix
+        ./tls_sni.nix
    ];

    boot.loader.grub.enable = true;
--- a/hosts/tls_sni.nix
+++ b/hosts/tls_sni.nix
@ -0,0 +1,32 @@
+{ ... }:
+{
+    services.nginx = {
+        streamConfig = ''
+            map $ssl_preread_server_name $target_backend {
+                md.gvfr.de rupert;
+                default localserv;
+            }
+
+            upstream rupert {
+                server rupert.gvfr.de:443;
+            }
+
+            upstream localserv {
+                server localhost:4431;
+            }
+
+            server {
+                listen 443;
+
+                # proxy_connect_timeout 1s;
+                # proxy_timeout 3s;
+                # resolver 1.1.1.1;
+
+                proxy_pass $target_backend;
+                ssl_preread on;
+            }
+        '';
+
+        defaultSSLListenPort = 4431;
+    };
+}