conditionally send proxy protocol

This commit is contained in:
goeranh 2026-04-20 08:56:40 +02:00
parent fe6650622f
commit 9041fe3d69
No known key found for this signature in database


@ -98,108 +98,126 @@
domain = "docs.adm.htw.stura-dresden.de";
httpPort = 8080;
httpsPort = 8443;
sendProxy = false;
};
plone = {
dest = "141.56.51.3";
domain = "stura.htw-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
plone_alt = {
dest = "141.56.51.3";
domain = "www.stura.htw-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
plone_neu = {
dest = "141.56.51.3";
domain = "www.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
plone_neu2 = {
dest = "141.56.51.3";
domain = "htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
tix = {
dest = "141.56.51.220";
domain = "tix.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
post = {
dest = "141.56.51.56";
domain = "post.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
vot = {
dest = "141.56.51.57";
domain = "vot.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
mail = {
dest = "141.56.51.14";
domain = "mail.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
lists = {
dest = "141.56.51.14";
domain = "lists.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
dat = {
dest = "141.56.51.17";
domain = "dat.stu.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
pro = {
dest = "141.56.51.15";
domain = "pro.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
cloud = {
dest = "141.56.51.16";
domain = "cloud.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
wiki = {
dest = "141.56.51.13";
domain = "wiki.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
beach = {
dest = "141.56.51.51";
domain = "beach.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
studicloud = {
dest = "141.56.51.17";
domain = "dat.stu.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
bbb = {
dest = "141.56.51.94";
domain = "bbb.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
bbb-test = {
dest = "141.56.51.94";
domain = "bbb.test.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
sendProxy = false;
};
}
# zusätzlich zu den oben definierten wird hier noch ein redirect für jeden nginx virtualhost in diese flake generiert
@ -218,6 +236,10 @@
prev
// (builtins.foldl' (
val: vhost:
let
proxyProtocol = if self.nixosConfigurations.${name}.config.services.nginx.virtualHosts.${vhost}.listen == [] then false else
true;
in
val
// {
"${vhost}" = {
@ -225,6 +247,7 @@
domain = vhost;
httpsPort = 443;
httpPort = 80;
sendProxy = proxyProtocol;
};
}
) { } vhosts)
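Review bot: The `proxyProtocol` binding at the top of the new `let` treats any vhost with a non-empty `listen` list as wanting PROXY protocol, but an explicit `listen` entry does not by itself mean `proxyProtocol = true` on that listener, so for such a vhost HAProxy would now prepend a PROXY v2 header that nginx is not configured to parse and the port-80 and port-443 paths for it are likely to stop working. Read the flag from the listen entries themselves instead, e.g. `proxyProtocol = builtins.any (l: l.proxyProtocol or false) self.nixosConfigurations.${name}.config.services.nginx.virtualHosts.${vhost}.listen;` (this assumes the NixOS nginx module's `listen.*.proxyProtocol` option, which the generated vhosts appear to rely on — confirm). A one-line comment would also help, since the intent is otherwise opaque: `# send PROXY v2 only to vhosts whose nginx listener actually expects it`. Once a backend accepts PROXY protocol it must trust that header only from this HAProxy address (nginx `set_real_ip_from` plus a firewall rule on the backend), otherwise anyone who can reach 141.56.51.x:80/443 directly can spoof the client IP seen in logs and access rules; that is outside this commit but worth checking alongside it. The `foldl'` lambda this `let` sits in begins before the hunk.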
@ -519,13 +542,13 @@
backend ${name}_80
mode http
server ${name} ${value.dest}:${builtins.toString value.httpPort}
server ${name} ${value.dest}:${builtins.toString value.httpPort} ${if value.sendProxy == true then "send-proxy-v2" else ""}
backend ${name}_443
mode tcp
option tcpka # Enable server TCP keep-alive (Phase 4)
timeout server 60s # Increase from 30s for long-lived HTTPS
timeout connect 3s # Reduce from 5s (local network)
server ${name} ${value.dest}:${builtins.toString value.httpsPort} check inter 3000 rise 2 fall 3 maxconn 5000
server ${name} ${value.dest}:${builtins.toString value.httpsPort} ${if value.sendProxy == true then "send-proxy-v2" else ""} check inter 3000 rise 2 fall 3 maxconn 5000
''
) "" forwards}