From f74aecf951c73a4197f2efaa6afb675d78f250af Mon Sep 17 00:00:00 2001
From: goeranh
Date: Wed, 25 Feb 2026 18:18:01 +0100
Subject: [PATCH] proxy host entries
---
 hosts/proxy/default.nix | 178 +++++++++++++++++++--------------------
 1 file changed, 83 insertions(+), 95 deletions(-)
diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix
index 7bc977e..1dcb22d 100644
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@@ -69,7 +69,59 @@ services = {
 }
 ];
 };
- haproxy = {
+ haproxy =
+ let
+ forwards = {
+ plone = {
+ dest = "141.56.51.3";
+ domain = "stura.htw-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ plone_alt = {
+ dest = "141.56.51.3";
+ domain = "www.stura.htw-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ tix = {
+ dest = "141.56.51.220";
+ domain = "tix.htw.stura-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ vot = {
+ dest = "141.56.51.81";
+ domain = "vot.htw.stura-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ dat = {
+ dest = "141.56.51.81";
+ domain = "dat.htw.stura-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ pro = {
+ dest = "141.56.51.15";
+ domain = "pro.htw.stura-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ cloud = {
+ dest = "141.56.51.16";
+ domain = "cloud.htw.stura-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ wiki = {
+ dest = "141.56.51.13";
+ domain = "wiki.htw.stura-dresden.de";
+ httpPort = 80;
+ httpsPort = 443;
+ };
+ };
+ in{
 enable = true;
 config = ''
 global
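Review bot: The `pro` entry's `domain` (`pro.htw.stura-dresden.de`) differs from the host the removed acl and `req_ssl_sni` rules matched (`pro.stura.htw-dresden.de`), and `vot.dest` changes from `141.56.51.57` to `141.56.51.81`, the address `dat` already uses; neither change is mentioned in the commit message. If either is a typo, requests for that host fall through to `default_backend plone_80` on port 80 and match no backend at all on 443, so it is worth confirming against the real hosts before this lands. If both are deliberate, a short comment on those entries, e.g. `# vot moved to the dat host` and `# domain renamed from pro.stura.htw-dresden.de`, would keep the next reader from "fixing" them back. `cloud` and `wiki` are new routes with no earlier rules to compare against.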
@@ -97,38 +149,21 @@ services = {
 stats show-legends
 stats show-node
- # # ---- HTTP (port 80) for ACME challenges ----
- # frontend http_in
- # bind *:80
- # mode http
- # option httplog
-
- # acl is_acme path_beg /.well-known/acme-challenge/
- # acl is_my_domain hdr(host) -i stura.htw-dresden.de
- # use_backend acme_backend if is_acme is_my_domain
- # # redirect everything else to HTTPS
- # redirect scheme https code 301 if !is_acme
-
- # backend acme_backend
- # mode http
- # server acme 127.0.0.1:8888
-
 frontend http-in
 bind *:80
- acl is_plone hdr(host) -i stura.htw-dresden.de
- acl is_www_plone hdr(host) -i www.stura.htw-dresden.de
- acl is_tix hdr(host) -i tix.htw.stura-dresden.de
- acl is_vot hdr(host) -i vot.htw.stura-dresden.de
- acl is_dat hdr(host) -i dat.htw.stura-dresden.de
- acl is_pro hdr(host) -i pro.stura.htw-dresden.de
-
- use_backend plone_80 if is_plone
- use_backend plone_80 if is_www_plone
- use_backend pro_80 if is_pro
- use_backend tix_80 if is_tix
- use_backend dat_80 if is_dat
- use_backend vot_80 if is_vot
+ ${ lib.foldlAttrs(prev: name: value: prev +
+ "acl is_${name} hdr(host) -i ${value.domain}\n"
+ ) "" forwards
+ }
+
+ ${ lib.foldlAttrs(prev: name: value: prev +
+ "use_backend ${name}_80 if is_${name}\n"
+ ) "" forwards
+ }
+
 default_backend plone_80
@@ -136,7 +171,6 @@ services = {
 bind *:2142
 mode tcp
 timeout client 30m
- timeout connect 10s
 log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq dst:%[var(sess.dst)] "
 use_backend ssh_srs2
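Review bot: The acl and use_backend lines are built by folding strings with `lib.foldlAttrs (prev: name: value: prev + "…\n") "" forwards`, which reads as a hand-rolled accumulator; `lib.concatStrings (lib.mapAttrsToList (name: value: "acl is_${name} hdr(host) -i ${value.domain}\n") forwards)` expresses the same thing directly and drops the `prev` plumbing. The same shape recurs in the two following hunks (the `_443` routes and the backend blocks), so the change applies there too. The frontend still ends in the context line `default_backend plone_80`, so any Host value not listed in `forwards` is routed to plone rather than refused; if that is intended, a one-line comment such as `# unknown hosts fall back to plone` would make the catch-all explicit. This hunk sits inside the `config = ''…''` string opened in the previous hunk.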
@@ -144,22 +178,15 @@ services = {
 frontend sni_router
 bind *:443
 mode tcp
- tcp-request inspect-delay 5s
+ tcp-request inspect-delay 1s
 tcp-request content accept if { req_ssl_hello_type 1 } # terminated here
- #use_backend terminate_plone if { req_ssl_sni -i stura.htw-dresden.de }
- use_backend plone_passthrough if { req_ssl_sni -i stura.htw-dresden.de }
- use_backend plone_passthrough if { req_ssl_sni -i www.stura.htw-dresden.de }
- use_backend tix_passthrough if { req_ssl_sni -i tix.htw.stura-dresden.de }
- use_backend vot_passthrough if { req_ssl_sni -i vot.htw.stura-dresden.de }
- use_backend dat_passthrough if { req_ssl_sni -i dat.htw.stura-dresden.de }
- use_backend tls_passthrough if { req_ssl_sni -i pro.stura.htw-dresden.de }
-
- backend terminate_plone
- mode tcp
- # loopback to the termination frontend below
- server loopback 127.0.0.1:8443
+ ${ lib.foldlAttrs(prev: name: value: prev +
+ "use_backend ${name}_443 if { req_ssl_sni -i ${value.domain} }\n"
+ ) "" forwards
+ }
 backend ssh_srs2
 mode tcp
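Review bot: Lowering `tcp-request inspect-delay` from `5s` to `1s` shortens the window in which the ClientHello must arrive before `req_ssl_sni` is evaluated; every route in `sni_router` depends on that SNI and the visible context shows no `default_backend`, so a hello that is slow or split across segments is now closed instead of routed, which clients experience as intermittent TLS failures. Unless the shorter delay is needed to cap half-open connections, keeping `tcp-request inspect-delay 5s` is the safer default, and if `1s` is deliberate a comment saying why would help. The context comment `# terminated here` is now stale, since the `terminate_plone` backend it pointed at is removed in this hunk and `https_terminated` in the next; `# all 443 traffic is passed through by SNI, no termination on this host` would describe the new layout. The `sni_router` frontend closes within the hunk, but the enclosing Nix string continues past it.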
@@ -168,59 +195,20 @@ services = {
 option tcpka
 server srs2 141.56.51.2:80 check
- backend tls_passthrough
- mode tcp
- server nginx_host 141.56.51.15:443 check
+ ${ lib.foldlAttrs(prev: name: value: prev +
+ ''
- backend tix_passthrough
- mode tcp
- server nginx_host 141.56.51.220:443 check
+ backend ${name}_80
+ mode http
+ server ${name} ${value.dest}:${builtins.toString value.httpPort}
+ backend ${name}_443
+ mode tcp
+ server ${name} ${value.dest}:${builtins.toString value.httpsPort} check
- backend vot_passthrough
- mode tcp
- server nginx_host 141.56.51.57:443 check
-
- backend dat_passthrough
- mode tcp
- server nginx_host 141.56.51.81:443 check
-
- backend plone_passthrough
- mode tcp
- server nginx_host 141.56.51.3:443 check
-
- frontend https_terminated
- bind 127.0.0.1:8443 ssl crt /var/lib/acme/stura.htw-dresden.de/full.pem
- mode http
-
- default_backend plone_backend
-
- backend plone_80
- mode http
- server plone 141.56.51.3:80 check
-
- backend tix_80
- mode http
- server plone 141.56.51.220:80 check
-
- backend vot_80
- mode http
- server plone 141.56.51.57:80 check
-
- backend dat_80
- mode http
- server plone 141.56.51.81:80 check
-
- backend pro_80
- mode http
- server plone 141.56.51.15:80 check
-
- backend plone_backend
- mode http
- http-request set-header Host stura.htw-dresden.de
- http-request replace-uri ^/(.*)$ /VirtualHostBase/https/stura.htw-dresden.de:443/Plone/VirtualHostRoot/\1
- server plone 141.56.51.5:8080 check
-
-# proxy_pass "http://141.56.51.5:8080/VirtualHostBase/https/stura.htw-dresden.de:443/Plone/VirtualHostRoot/";
+ ''
+ ) "" forwards
+ }
 '';
 };
 };
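Review bot: The generated `backend ${name}_80` server line omits the `check` keyword that every removed `_80` backend carried (`server plone 141.56.51.3:80 check` and the others), while the generated `_443` line keeps it, so a failed HTTP backend is no longer marked down by health checks and is only discovered per request. Unless the omission is deliberate, the line should read `server ${name} ${value.dest}:${builtins.toString value.httpPort} check`. The removed `plone_backend` also carried the `Host` header and `VirtualHostBase` URI rewrite for Plone behind terminated TLS; with 443 now passed straight through to `141.56.51.3`, that rewrite presumably lives on the backend host now — worth confirming before the old block is gone for good. This hunk closes the `config = ''…''` string that the first hunk opened.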