Compare commits
	
		
			5 commits
		
	
	
		
			038a0c8176
			...
			11b3dd2927
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 11b3dd2927 | |||
| c62cb63dbc | |||
| 469fcbcbe8 | |||
| a9e5a7e83d | |||
| f348a12586 | 
					 3 changed files with 58 additions and 4 deletions
				
			
		|  | @ -100,7 +100,7 @@ | ||||||
|                     set -e |                     set -e | ||||||
|                     echo "Ensuring rupert.gvfr.de is up." |                     echo "Ensuring rupert.gvfr.de is up." | ||||||
|                     ${pkgs.dig}/bin/nslookup rupert.gvfr.de |                     ${pkgs.dig}/bin/nslookup rupert.gvfr.de | ||||||
|                     ${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null |                     ${pkgs.unixtools.ping}/bin/ping -c2 rupert.gvfr.de | ||||||
|                     echo "Opening SSH tunnel." |                     echo "Opening SSH tunnel." | ||||||
|                     ${pkgs.openssh}/bin/ssh -6 -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true |                     ${pkgs.openssh}/bin/ssh -6 -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true | ||||||
|                     echo "Beginning backup operation." |                     echo "Beginning backup operation." | ||||||
|  | @ -144,6 +144,13 @@ | ||||||
| 
 | 
 | ||||||
|     services.postgresql.package = pkgs.postgresql_13; |     services.postgresql.package = pkgs.postgresql_13; | ||||||
| 
 | 
 | ||||||
|  |     services.logrotate = { | ||||||
|  |         enable = true; | ||||||
|  |         settings.nginx = { | ||||||
|  |             rotate = 2; | ||||||
|  |         }; | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|     # This value determines the NixOS release from which the default |     # This value determines the NixOS release from which the default | ||||||
|     # settings for stateful data, like file locations and database versions |     # settings for stateful data, like file locations and database versions | ||||||
|     # on your system were taken. It’s perfectly fine and recommended to leave |     # on your system were taken. It’s perfectly fine and recommended to leave | ||||||
|  |  | ||||||
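Review bot: `settings.nginx` sets only `rotate = 2`, and nothing in the hunk says how long a retention window that gives or why it was chosen. The rotation frequency is not set here, so it presumably comes from a default defined elsewhere. The access logs in this change set start recording real client addresses, so the retention period is both a privacy decision and the limit on what is available for incident review. I would add a comment above the block such as `# Keep two rotations of nginx access logs (contain client IPs); frequency is inherited from the nginx module default, confirm`.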
|  | @ -126,7 +126,28 @@ in | ||||||
|             extraConfig = '' |             extraConfig = '' | ||||||
|                 # Maximum upload file size for git-lfs |                 # Maximum upload file size for git-lfs | ||||||
|                 client_max_body_size 100M; |                 client_max_body_size 100M; | ||||||
|  | 
 | ||||||
|  |                 set_real_ip_from 127.0.0.1; | ||||||
|  |                 set_real_ip_from ::1; | ||||||
|  |                 real_ip_header proxy_protocol; | ||||||
|  |                 proxy_set_header X-Real-IP $proxy_protocol_addr; | ||||||
|  |                 proxy_set_header X-Fowarded-For $proxy_protocol_addr; | ||||||
|  | 
 | ||||||
|  |                 access_log /var/log/nginx/access.${domain}.log combined_realip; | ||||||
|             ''; |             ''; | ||||||
|  |             locations."/awstats/" = { | ||||||
|  |                 basicAuthFile = "/secrets/webstats_auth"; | ||||||
|  |             }; | ||||||
|  |         }; | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     services.awstats = { | ||||||
|  |         enable = true; | ||||||
|  |         updateAt = "hourly"; | ||||||
|  |         configs."${domain}" = { | ||||||
|  |             logFile = "/var/log/nginx/access.${domain}.log"; | ||||||
|  |             domain = domain; | ||||||
|  |             webService.enable = true; | ||||||
|         }; |         }; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
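Review bot: `proxy_set_header X-Fowarded-For $proxy_protocol_addr;` misspells the header name, so the backend never receives an `X-Forwarded-For` set by this proxy. As far as this hunk shows, a client-supplied `X-Forwarded-For` is then passed through unchanged, and if the application behind this vhost trusts that header for logging or rate limiting, the address it sees is client-controlled. The line should read `proxy_set_header X-Forwarded-For $proxy_protocol_addr;`. Separately, `basicAuthFile` is attached to `locations."/awstats/"` on this vhost while `services.awstats` does not set `webService.hostname`. It is worth confirming that the statistics are served from this vhost and path, since otherwise the auth guards a location that is not the one exposing them.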
|  | @ -9,7 +9,7 @@ | ||||||
|             } |             } | ||||||
| 
 | 
 | ||||||
|             upstream rupert { |             upstream rupert { | ||||||
|                 server rupert.gvfr.de:443; |                 server rupert.gvfr.de:4431; | ||||||
|             } |             } | ||||||
| 
 | 
 | ||||||
|             upstream localserv { |             upstream localserv { | ||||||
|  | @ -18,16 +18,42 @@ | ||||||
| 
 | 
 | ||||||
|             server { |             server { | ||||||
|                 listen 443; |                 listen 443; | ||||||
|  |                 ssl_preread on; | ||||||
| 
 | 
 | ||||||
|                 # proxy_connect_timeout 1s; |                 # proxy_connect_timeout 1s; | ||||||
|                 # proxy_timeout 3s; |                 # proxy_timeout 3s; | ||||||
|                 # resolver 1.1.1.1; |                 # resolver 1.1.1.1; | ||||||
| 
 | 
 | ||||||
|                 proxy_pass $target_backend; |                 proxy_pass $target_backend; | ||||||
|                 ssl_preread on; |                 proxy_next_upstream off; | ||||||
|  | 
 | ||||||
|  |                 proxy_protocol on; | ||||||
|             } |             } | ||||||
|         ''; |         ''; | ||||||
| 
 | 
 | ||||||
|         defaultSSLListenPort = 4431; |         defaultListen = [ | ||||||
|  |             { | ||||||
|  |                 addr = "0.0.0.0"; | ||||||
|  |                 port = 80; | ||||||
|  |                 ssl = false; | ||||||
|  |             } | ||||||
|  |             { | ||||||
|  |                 addr = "[::0]"; | ||||||
|  |                 port = 80; | ||||||
|  |                 ssl = false; | ||||||
|  |             } | ||||||
|  |             { | ||||||
|  |                 addr = "0.0.0.0"; | ||||||
|  |                 port = 4431; | ||||||
|  |                 ssl = true; | ||||||
|  |                 proxyProtocol = true; | ||||||
|  |             } | ||||||
|  |             { | ||||||
|  |                 addr = "[::0]"; | ||||||
|  |                 port = 4431; | ||||||
|  |                 ssl = true; | ||||||
|  |                 proxyProtocol = true; | ||||||
|  |             } | ||||||
|  |         ]; | ||||||
|     }; |     }; | ||||||
| } | } | ||||||
|  |  | ||||||
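Review bot: The two `port = 4431` entries in `defaultListen` set `proxyProtocol = true` on `0.0.0.0` and `[::0]`, so any peer that can reach that port directly supplies its own PROXY header. `set_real_ip_from` in the vhost limits only the real_ip rewrite, whereas `$proxy_protocol_addr`, which the vhost on this page copies into `X-Real-IP`, is taken from the header regardless of who sent it. If only the local stream proxy needs the port, `addr = "127.0.0.1";` and `addr = "[::1]";` would close this. Since `upstream rupert` now points at `rupert.gvfr.de:4431`, a remote forwarder apparently needs it too, in which case the firewall should admit only that forwarder on 4431 and a comment here should record the assumption.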