2
2
mirror of https://git.feal.no/felixalb/nixos-config.git synced 2024-12-22 04:07:28 +01:00

defiant: cleanup nginx

This commit is contained in:
Felix Albrigtsen 2024-01-28 01:10:59 +01:00
parent 20c44ad78d
commit 0cacad7aea

View File

@ -40,34 +40,21 @@
forceSSL = true;
locations."/".proxyPass = "${upstream}";
};
in {
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
"git.feal.no" = publicProxy "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
"wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
"cloud.feal.no" = {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server_tokens off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
server_tokens off;
'';
locations."/".proxyPass = "http://voyager.home.feal.no/";
};
in {
"auth.feal.no" = publicProxy "https://voyager.home.feal.no";
"cloud.feal.no" = publicProxy "http://voyager.home.feal.no";
"git.feal.no" = publicProxy "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
"wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
};
}