diff --git a/profiles/http/services/webdav-zotero.nix b/profiles/http/services/webdav-zotero.nix index 4e128e9..09cc607 100644 --- a/profiles/http/services/webdav-zotero.nix +++ b/profiles/http/services/webdav-zotero.nix @@ -24,28 +24,44 @@ scope = "/mnt/reidun/Various/Zotero"; modify = true; } - /** / - { - username = "guest"; - password = "hunter2"; - } - /**/ ]; + #cors = { + # enabled = true; + # credentials = true; + # allowed_methods = [ "GET" ]; + # exposed_headers = [ + # "Content-Length" + # "Content-Range" + # ]; + #}; }; }; services.nginx.virtualHosts.${mkDomain "webdav"} = lib.mkIf config.services.webdav.enable { forceSSL = true; # addSSL = true; enableACME = true; #useACMEHost = acmeDomain; locations."/" = { + recommendedProxySettings = false; # lol we disable it and copy it back in, and it works /shrug proxyPass = "http://127.0.0.1:${toString config.services.webdav.settings.port}"; #proxyWebsockets = true; extraConfig = '' - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_redirect off; + proxy_redirect off; + proxy_connect_timeout ${config.services.nginx.proxyTimeout}; + proxy_send_timeout ${config.services.nginx.proxyTimeout}; + proxy_read_timeout ${config.services.nginx.proxyTimeout}; + proxy_http_version 1.1; + # don't let clients close the keep-alive connection to upstream. See the nginx blog for details: + # https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives + proxy_set_header "Connection" ""; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + + proxy_request_buffering off; client_max_body_size 2G; ''; };