fruchti/hosts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: fruchti:e04e623deab13e1f738f933a722e6f32658da84d
Branches Tags
fruchti:prod
fruchti:labs
fruchti:jupyter_disable
..
compare: fruchti:6e3f037e1a6bb348f4c2da49450449ac1c8df090
Branches Tags
fruchti:labs
fruchti:prod
fruchti:jupyter_disable

No commits in common. "e04e623deab13e1f738f933a722e6f32658da84d" and "6e3f037e1a6bb348f4c2da49450449ac1c8df090" have entirely different histories.
e04e623dea ... 6e3f037e1a

3 changed files with 16 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

16
hosts/Emitter.nix
View file

@ -149,24 +149,10 @@
''; '';
}; };
services.goatcounter = {
enable = true;
proxy = true;
};
services.nginx = {
commonHttpConfig = ''
log_format combined_realip '$proxy_protocol_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
log_format combined_vhost escape=none '$host: $remote_addr $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log combined_vhost;
'';
};
services.logrotate = { services.logrotate = {
enable = true; enable = true;
settings.nginx = { settings.nginx = {
frequency = "daily"; rotate = 2;
rotate = 14;
}; };
}; };

2
hosts/forgejo.nix
View file

@ -130,6 +130,8 @@ in
set_real_ip_from 127.0.0.1; set_real_ip_from 127.0.0.1;
set_real_ip_from ::1; set_real_ip_from ::1;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Fowarded-For $proxy_protocol_addr;
access_log /var/log/nginx/access.${domain}.log combined_realip; access_log /var/log/nginx/access.${domain}.log combined_realip;
''; '';

19
hosts/tls_sni.nix
View file

@ -3,28 +3,31 @@
services.nginx = { services.nginx = {
streamConfig = '' streamConfig = ''
map $ssl_preread_server_name $target_backend { map $ssl_preread_server_name $target_backend {
default rupert;
md.gvfr.de rupert; md.gvfr.de rupert;
rupert.gvfr.de rupert; rupert.gvfr.de rupert;
git.25120.org localserv; default localserv;
} }
upstream rupert { upstream rupert {
zone upstream_rupert 64k; server rupert.gvfr.de:4431;
server rupert.gvfr.de:4431 resolve;
resolver 9.9.9.9 ipv4=off ipv6=on;
} }
upstream localserv { upstream localserv {
server 127.0.0.1:4431; server localhost:4431;
} }
server { server {
listen 443; listen 443;
ssl_preread on; ssl_preread on;
proxy_protocol on;
# proxy_connect_timeout 1s;
# proxy_timeout 3s;
# resolver 1.1.1.1;
proxy_pass $target_backend; proxy_pass $target_backend;
proxy_next_upstream off;
proxy_protocol on;
} }
''; '';