proxy host entries

goeranh 2026-02-25 18:18:01 +01:00
parent 9e1c690743
commit f74aecf951
No known key found for this signature in database


@ -69,7 +69,59 @@ services = {
}
];
};
haproxy = {
haproxy =
let
forwards = {
plone = {
dest = "141.56.51.3";
domain = "stura.htw-dresden.de";
httpPort = 80;
httpsPort = 443;
};
plone_alt = {
dest = "141.56.51.3";
domain = "www.stura.htw-dresden.de";
httpPort = 80;
httpsPort = 443;
};
tix = {
dest = "141.56.51.220";
domain = "tix.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
vot = {
dest = "141.56.51.81";
domain = "vot.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
dat = {
dest = "141.56.51.81";
domain = "dat.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
pro = {
dest = "141.56.51.15";
domain = "pro.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
cloud = {
dest = "141.56.51.16";
domain = "cloud.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
wiki = {
dest = "141.56.51.13";
domain = "wiki.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
};
in{
enable = true;
config = ''
global
@ -97,38 +149,21 @@ services = {
stats show-legends
stats show-node
# # ---- HTTP (port 80) for ACME challenges ----
# frontend http_in
# bind *:80
# mode http
# option httplog
# acl is_acme path_beg /.well-known/acme-challenge/
# acl is_my_domain hdr(host) -i stura.htw-dresden.de
# use_backend acme_backend if is_acme is_my_domain
# # redirect everything else to HTTPS
# redirect scheme https code 301 if !is_acme
# backend acme_backend
# mode http
# server acme 127.0.0.1:8888
frontend http-in
bind *:80
acl is_plone hdr(host) -i stura.htw-dresden.de
acl is_www_plone hdr(host) -i www.stura.htw-dresden.de
acl is_tix hdr(host) -i tix.htw.stura-dresden.de
acl is_vot hdr(host) -i vot.htw.stura-dresden.de
acl is_dat hdr(host) -i dat.htw.stura-dresden.de
acl is_pro hdr(host) -i pro.stura.htw-dresden.de
use_backend plone_80 if is_plone
use_backend plone_80 if is_www_plone
use_backend pro_80 if is_pro
use_backend tix_80 if is_tix
use_backend dat_80 if is_dat
use_backend vot_80 if is_vot
${
lib.foldlAttrs(prev: name: value: prev +
"acl is_${name} hdr(host) -i ${value.domain}\n"
) "" forwards
}
${
lib.foldlAttrs(prev: name: value: prev +
"use_backend ${name}_80 if is_${name}\n"
) "" forwards
}
default_backend plone_80
@ -136,7 +171,6 @@ services = {
bind *:2142
mode tcp
timeout client 30m
timeout connect 10s
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq dst:%[var(sess.dst)] "
use_backend ssh_srs2
@ -144,22 +178,15 @@ services = {
frontend sni_router
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request inspect-delay 1s
tcp-request content accept if { req_ssl_hello_type 1 }
# terminated here
#use_backend terminate_plone if { req_ssl_sni -i stura.htw-dresden.de }
use_backend plone_passthrough if { req_ssl_sni -i stura.htw-dresden.de }
use_backend plone_passthrough if { req_ssl_sni -i www.stura.htw-dresden.de }
use_backend tix_passthrough if { req_ssl_sni -i tix.htw.stura-dresden.de }
use_backend vot_passthrough if { req_ssl_sni -i vot.htw.stura-dresden.de }
use_backend dat_passthrough if { req_ssl_sni -i dat.htw.stura-dresden.de }
use_backend tls_passthrough if { req_ssl_sni -i pro.stura.htw-dresden.de }
backend terminate_plone
mode tcp
# loopback to the termination frontend below
server loopback 127.0.0.1:8443
${
lib.foldlAttrs(prev: name: value: prev +
"use_backend ${name}_443 if { req_ssl_sni -i ${value.domain} }\n"
) "" forwards
}
backend ssh_srs2
mode tcp
@ -168,59 +195,20 @@ services = {
option tcpka
server srs2 141.56.51.2:80 check
backend tls_passthrough
mode tcp
server nginx_host 141.56.51.15:443 check
${
lib.foldlAttrs(prev: name: value: prev +
''
backend tix_passthrough
mode tcp
server nginx_host 141.56.51.220:443 check
backend ${name}_80
mode http
server ${name} ${value.dest}:${builtins.toString value.httpPort}
backend ${name}_443
mode tcp
server ${name} ${value.dest}:${builtins.toString value.httpsPort} check
backend vot_passthrough
mode tcp
server nginx_host 141.56.51.57:443 check
backend dat_passthrough
mode tcp
server nginx_host 141.56.51.81:443 check
backend plone_passthrough
mode tcp
server nginx_host 141.56.51.3:443 check
frontend https_terminated
bind 127.0.0.1:8443 ssl crt /var/lib/acme/stura.htw-dresden.de/full.pem
mode http
default_backend plone_backend
backend plone_80
mode http
server plone 141.56.51.3:80 check
backend tix_80
mode http
server plone 141.56.51.220:80 check
backend vot_80
mode http
server plone 141.56.51.57:80 check
backend dat_80
mode http
server plone 141.56.51.81:80 check
backend pro_80
mode http
server plone 141.56.51.15:80 check
backend plone_backend
mode http
http-request set-header Host stura.htw-dresden.de
http-request replace-uri ^/(.*)$ /VirtualHostBase/https/stura.htw-dresden.de:443/Plone/VirtualHostRoot/\1
server plone 141.56.51.5:8080 check
# proxy_pass "http://141.56.51.5:8080/VirtualHostBase/https/stura.htw-dresden.de:443/Plone/VirtualHostRoot/";
''
) "" forwards
}
'';
};
};
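Review bot: The `vot` entry in the new `forwards` set has `dest = "141.56.51.81"`, the same address as `dat`, while the removed `vot_passthrough` and `vot_80` backends pointed at 141.56.51.57. If the service did not actually move, both port-80 and SNI-passthrough traffic for vot.htw.stura-dresden.de now reaches the dat host, which would answer with its own default vhost and certificate; in that case the line should read `dest = "141.56.51.57";`. The refactor also changes the name matched for `pro` from `pro.stura.htw-dresden.de` to `pro.htw.stura-dresden.de`, and the generated `${name}_80` server lines no longer carry `check`, which the old port-80 backends had. Since these routing changes are easy to miss inside a templating rewrite, the commit description should say which are intended. A comment above `forwards` such as `# the "plone" key must exist: http-in uses plone_80 as default_backend` would document the one name the template depends on.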