conditionally send proxy protocol

goeranh 2026-04-20 08:56:40 +02:00
parent fe6650622f
commit 9041fe3d69
No known key found for this signature in database


@ -98,108 +98,126 @@
domain = "docs.adm.htw.stura-dresden.de"; domain = "docs.adm.htw.stura-dresden.de";
httpPort = 8080; httpPort = 8080;
httpsPort = 8443; httpsPort = 8443;
sendProxy = false;
}; };
plone = { plone = {
dest = "141.56.51.3"; dest = "141.56.51.3";
domain = "stura.htw-dresden.de"; domain = "stura.htw-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
plone_alt = { plone_alt = {
dest = "141.56.51.3"; dest = "141.56.51.3";
domain = "www.stura.htw-dresden.de"; domain = "www.stura.htw-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
plone_neu = { plone_neu = {
dest = "141.56.51.3"; dest = "141.56.51.3";
domain = "www.htw.stura-dresden.de"; domain = "www.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
plone_neu2 = { plone_neu2 = {
dest = "141.56.51.3"; dest = "141.56.51.3";
domain = "htw.stura-dresden.de"; domain = "htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
tix = { tix = {
dest = "141.56.51.220"; dest = "141.56.51.220";
domain = "tix.htw.stura-dresden.de"; domain = "tix.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
post = { post = {
dest = "141.56.51.56"; dest = "141.56.51.56";
domain = "post.htw.stura-dresden.de"; domain = "post.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
vot = { vot = {
dest = "141.56.51.57"; dest = "141.56.51.57";
domain = "vot.htw.stura-dresden.de"; domain = "vot.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
mail = { mail = {
dest = "141.56.51.14"; dest = "141.56.51.14";
domain = "mail.htw.stura-dresden.de"; domain = "mail.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
lists = { lists = {
dest = "141.56.51.14"; dest = "141.56.51.14";
domain = "lists.htw.stura-dresden.de"; domain = "lists.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
dat = { dat = {
dest = "141.56.51.17"; dest = "141.56.51.17";
domain = "dat.stu.htw.stura-dresden.de"; domain = "dat.stu.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
pro = { pro = {
dest = "141.56.51.15"; dest = "141.56.51.15";
domain = "pro.htw.stura-dresden.de"; domain = "pro.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
cloud = { cloud = {
dest = "141.56.51.16"; dest = "141.56.51.16";
domain = "cloud.htw.stura-dresden.de"; domain = "cloud.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
wiki = { wiki = {
dest = "141.56.51.13"; dest = "141.56.51.13";
domain = "wiki.htw.stura-dresden.de"; domain = "wiki.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
beach = { beach = {
dest = "141.56.51.51"; dest = "141.56.51.51";
domain = "beach.htw.stura-dresden.de"; domain = "beach.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
studicloud = { studicloud = {
dest = "141.56.51.17"; dest = "141.56.51.17";
domain = "dat.stu.htw.stura-dresden.de"; domain = "dat.stu.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
bbb = { bbb = {
dest = "141.56.51.94"; dest = "141.56.51.94";
domain = "bbb.htw.stura-dresden.de"; domain = "bbb.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
bbb-test = { bbb-test = {
dest = "141.56.51.94"; dest = "141.56.51.94";
domain = "bbb.test.htw.stura-dresden.de"; domain = "bbb.test.htw.stura-dresden.de";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
sendProxy = false;
}; };
} }
# zusätzlich zu den oben definierten wird hier noch ein redirect für jeden nginx virtualhost in diese flake generiert # zusätzlich zu den oben definierten wird hier noch ein redirect für jeden nginx virtualhost in diese flake generiert
@ -218,6 +236,10 @@
prev prev
// (builtins.foldl' ( // (builtins.foldl' (
val: vhost: val: vhost:
let
proxyProtocol = if self.nixosConfigurations.${name}.config.services.nginx.virtualHosts.${vhost}.listen == [] then false else
true;
in
val val
// { // {
"${vhost}" = { "${vhost}" = {
@ -225,6 +247,7 @@
domain = vhost; domain = vhost;
httpsPort = 443; httpsPort = 443;
httpPort = 80; httpPort = 80;
sendProxy = proxyProtocol;
}; };
} }
) { } vhosts) ) { } vhosts)
@ -519,13 +542,13 @@
backend ${name}_80 backend ${name}_80
mode http mode http
server ${name} ${value.dest}:${builtins.toString value.httpPort} server ${name} ${value.dest}:${builtins.toString value.httpPort} ${if value.sendProxy == true then "send-proxy-v2" else ""}
backend ${name}_443 backend ${name}_443
mode tcp mode tcp
option tcpka # Enable server TCP keep-alive (Phase 4) option tcpka # Enable server TCP keep-alive (Phase 4)
timeout server 60s # Increase from 30s for long-lived HTTPS timeout server 60s # Increase from 30s for long-lived HTTPS
timeout connect 3s # Reduce from 5s (local network) timeout connect 3s # Reduce from 5s (local network)
server ${name} ${value.dest}:${builtins.toString value.httpsPort} check inter 3000 rise 2 fall 3 maxconn 5000 server ${name} ${value.dest}:${builtins.toString value.httpsPort} ${if value.sendProxy == true then "send-proxy-v2" else ""} check inter 3000 rise 2 fall 3 maxconn 5000
'' ''
) "" forwards} ) "" forwards}
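Review bot: In the second hunk, `proxyProtocol` becomes true for any vhost whose `listen` list is non-empty, which is not the same as that vhost accepting the PROXY protocol; a vhost with a custom `listen` but no proxy_protocol listener would receive a `send-proxy-v2` header it cannot parse and fail its requests. If the nixpkgs revision in use exposes `proxyProtocol` on the listen entries, deriving the flag from it is more precise: `proxyProtocol = builtins.any (l: l.proxyProtocol) self.nixosConfigurations.${name}.config.services.nginx.virtualHosts.${vhost}.listen;`. The one flag also drives both the `${name}_80` and `${name}_443` server lines in the last hunk, so a backend that enables proxy_protocol on only one port still gets the header on the other. Because the backend takes the client address from this header, it should accept it only from the proxy's address; that side is not shown in this diff, so it is worth confirming in the nginx configuration. The lambda body that uses this `let` continues past the hunk.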