Add TLS-SNI forwarding for hedgedoc server
This commit is contained in:
parent
8dbb7477be
commit
e77307551f
2 changed files with 33 additions and 0 deletions
|
|
@ -2,6 +2,7 @@
|
|||
{
|
||||
imports = [
|
||||
./gitea.nix
|
||||
./tls_sni.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
|
|
|
|||
32
hosts/tls_sni.nix
Normal file
32
hosts/tls_sni.nix
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
streamConfig = ''
|
||||
map $ssl_preread_server_name $target_backend {
|
||||
md.gvfr.de rupert;
|
||||
default localserv;
|
||||
}
|
||||
|
||||
upstream rupert {
|
||||
server rupert.gvfr.de:443;
|
||||
}
|
||||
|
||||
upstream localserv {
|
||||
server localhost:4431;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
|
||||
# proxy_connect_timeout 1s;
|
||||
# proxy_timeout 3s;
|
||||
# resolver 1.1.1.1;
|
||||
|
||||
proxy_pass $target_backend;
|
||||
ssl_preread on;
|
||||
}
|
||||
'';
|
||||
|
||||
defaultSSLListenPort = 4431;
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue