diff --git a/hosts/Emitter.nix b/hosts/Emitter.nix
index f3a0776..8f12e6e 100644
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
@@ -149,10 +149,24 @@
 '';
 };
+ services.goatcounter = {
+ enable = true;
+ proxy = true;
+ };
+
+ services.nginx = {
+ commonHttpConfig = ''
+ log_format combined_realip '$proxy_protocol_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
+ log_format combined_vhost escape=none '$host: $remote_addr $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log combined_vhost;
+ '';
+ };
+
 services.logrotate = {
 enable = true;
 settings.nginx = {
- rotate = 2;
+ frequency = "daily";
+ rotate = 14;
 };
 };
diff --git a/hosts/forgejo.nix b/hosts/forgejo.nix
index 6d9a789..b167449 100644
--- a/hosts/forgejo.nix
+++ b/hosts/forgejo.nix
@@ -130,8 +130,6 @@ in
 set_real_ip_from 127.0.0.1;
 set_real_ip_from ::1;
 real_ip_header proxy_protocol;
- proxy_set_header X-Real-IP $proxy_protocol_addr;
- proxy_set_header X-Fowarded-For $proxy_protocol_addr;
 access_log /var/log/nginx/access.${domain}.log combined_realip;
 '';
diff --git a/hosts/tls_sni.nix b/hosts/tls_sni.nix
index b870e92..58e2195 100644
--- a/hosts/tls_sni.nix
+++ b/hosts/tls_sni.nix
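Review bot: `escape=none` on the new `combined_vhost` format in `commonHttpConfig` writes `$request`, `$http_referer` and `$http_user_agent` to /var/log/nginx/access.log unescaped, so a client can place quotes or other raw bytes in those fields and make one request read as different or extra fields to anything that parses the file. If no consumer needs raw values, drop the parameter so nginx's default escaping applies: `log_format combined_vhost '$host: $remote_addr $remote_user [$time_local] "$request" ...';`. If a consumer does require it (possibly the goatcounter service enabled just above, though the hunk does not show what reads the log), add a comment saying so, and that consumer has to treat every field as untrusted input. The enclosing attribute set starts and ends outside the hunk.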
@@ -3,31 +3,28 @@
 services.nginx = {
 streamConfig = ''
 map $ssl_preread_server_name $target_backend {
- md.gvfr.de rupert;
- rupert.gvfr.de rupert;
- default localserv;
+ default rupert;
+ md.gvfr.de rupert;
+ rupert.gvfr.de rupert;
+ git.25120.org localserv;
 }
 upstream rupert {
- server rupert.gvfr.de:4431;
+ zone upstream_rupert 64k;
+
+ server rupert.gvfr.de:4431 resolve;
+ resolver 9.9.9.9 ipv4=off ipv6=on;
 }
 upstream localserv {
- server localhost:4431;
+ server 127.0.0.1:4431;
 }
 server {
 listen 443;
 ssl_preread on;
-
- # proxy_connect_timeout 1s;
- # proxy_timeout 3s;
- # resolver 1.1.1.1;
-
- proxy_pass $target_backend;
- proxy_next_upstream off;
- proxy_protocol on;
+ proxy_pass $target_backend;
 }
 '';
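Review bot: The rewritten `server` block drops `proxy_protocol on;`, yet the forgejo.nix context in this same commit still has `real_ip_header proxy_protocol;` and logs `$proxy_protocol_addr` through `combined_realip`. The backend's `listen` line is not visible here, but if it still expects the PROXY header then connections through 127.0.0.1:4431 will be rejected, and if it does not then the client address no longer reaches the access log, which weakens any later abuse investigation. If the removal was not intended, keep `proxy_protocol on;` next to `proxy_pass $target_backend;`. Separately, `default rupert;` now forwards every connection with an unknown or missing SNI to the remote host rather than the local server, so a short comment in the `map` stating that this is intended would help. The enclosing attribute set closes outside the hunk.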