56 lines
1.3 KiB
Nix
56 lines
1.3 KiB
Nix
{ ... }:
|
|
{
|
|
services.nginx = {
|
|
streamConfig = ''
|
|
map $ssl_preread_server_name $target_backend {
|
|
default rupert;
|
|
md.gvfr.de rupert;
|
|
rupert.gvfr.de rupert;
|
|
git.25120.org localserv;
|
|
}
|
|
|
|
upstream rupert {
|
|
zone upstream_rupert 64k;
|
|
|
|
server rupert.gvfr.de:4431 resolve;
|
|
resolver 9.9.9.9 ipv4=off ipv6=on;
|
|
}
|
|
|
|
upstream localserv {
|
|
server 127.0.0.1:4431;
|
|
}
|
|
|
|
server {
|
|
listen 443;
|
|
ssl_preread on;
|
|
proxy_protocol on;
|
|
proxy_pass $target_backend;
|
|
}
|
|
'';
|
|
|
|
defaultListen = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 80;
|
|
ssl = false;
|
|
}
|
|
{
|
|
addr = "[::0]";
|
|
port = 80;
|
|
ssl = false;
|
|
}
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 4431;
|
|
ssl = true;
|
|
proxyProtocol = true;
|
|
}
|
|
{
|
|
addr = "[::0]";
|
|
port = 4431;
|
|
ssl = true;
|
|
proxyProtocol = true;
|
|
}
|
|
];
|
|
};
|
|
}
|