proxy host entries

goeranh 2026-02-25 18:18:01 +01:00
parent 9e1c690743
commit f74aecf951
No known key found for this signature in database


@ -69,7 +69,59 @@ services = {
} }
]; ];
}; };
haproxy = { haproxy =
let
forwards = {
plone = {
dest = "141.56.51.3";
domain = "stura.htw-dresden.de";
httpPort = 80;
httpsPort = 443;
};
plone_alt = {
dest = "141.56.51.3";
domain = "www.stura.htw-dresden.de";
httpPort = 80;
httpsPort = 443;
};
tix = {
dest = "141.56.51.220";
domain = "tix.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
vot = {
dest = "141.56.51.81";
domain = "vot.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
dat = {
dest = "141.56.51.81";
domain = "dat.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
pro = {
dest = "141.56.51.15";
domain = "pro.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
cloud = {
dest = "141.56.51.16";
domain = "cloud.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
wiki = {
dest = "141.56.51.13";
domain = "wiki.htw.stura-dresden.de";
httpPort = 80;
httpsPort = 443;
};
};
in{
enable = true; enable = true;
config = '' config = ''
global global
@ -97,38 +149,21 @@ services = {
stats show-legends stats show-legends
stats show-node stats show-node
# # ---- HTTP (port 80) for ACME challenges ----
# frontend http_in
# bind *:80
# mode http
# option httplog
# acl is_acme path_beg /.well-known/acme-challenge/
# acl is_my_domain hdr(host) -i stura.htw-dresden.de
# use_backend acme_backend if is_acme is_my_domain
# # redirect everything else to HTTPS
# redirect scheme https code 301 if !is_acme
# backend acme_backend
# mode http
# server acme 127.0.0.1:8888
frontend http-in frontend http-in
bind *:80 bind *:80
acl is_plone hdr(host) -i stura.htw-dresden.de ${
acl is_www_plone hdr(host) -i www.stura.htw-dresden.de lib.foldlAttrs(prev: name: value: prev +
acl is_tix hdr(host) -i tix.htw.stura-dresden.de "acl is_${name} hdr(host) -i ${value.domain}\n"
acl is_vot hdr(host) -i vot.htw.stura-dresden.de ) "" forwards
acl is_dat hdr(host) -i dat.htw.stura-dresden.de }
acl is_pro hdr(host) -i pro.stura.htw-dresden.de
${
lib.foldlAttrs(prev: name: value: prev +
"use_backend ${name}_80 if is_${name}\n"
) "" forwards
}
use_backend plone_80 if is_plone
use_backend plone_80 if is_www_plone
use_backend pro_80 if is_pro
use_backend tix_80 if is_tix
use_backend dat_80 if is_dat
use_backend vot_80 if is_vot
default_backend plone_80 default_backend plone_80
@ -136,7 +171,6 @@ services = {
bind *:2142 bind *:2142
mode tcp mode tcp
timeout client 30m timeout client 30m
timeout connect 10s
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq dst:%[var(sess.dst)] " log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq dst:%[var(sess.dst)] "
use_backend ssh_srs2 use_backend ssh_srs2
@ -144,22 +178,15 @@ services = {
frontend sni_router frontend sni_router
bind *:443 bind *:443
mode tcp mode tcp
tcp-request inspect-delay 5s tcp-request inspect-delay 1s
tcp-request content accept if { req_ssl_hello_type 1 } tcp-request content accept if { req_ssl_hello_type 1 }
# terminated here # terminated here
#use_backend terminate_plone if { req_ssl_sni -i stura.htw-dresden.de } ${
use_backend plone_passthrough if { req_ssl_sni -i stura.htw-dresden.de } lib.foldlAttrs(prev: name: value: prev +
use_backend plone_passthrough if { req_ssl_sni -i www.stura.htw-dresden.de } "use_backend ${name}_443 if { req_ssl_sni -i ${value.domain} }\n"
use_backend tix_passthrough if { req_ssl_sni -i tix.htw.stura-dresden.de } ) "" forwards
use_backend vot_passthrough if { req_ssl_sni -i vot.htw.stura-dresden.de } }
use_backend dat_passthrough if { req_ssl_sni -i dat.htw.stura-dresden.de }
use_backend tls_passthrough if { req_ssl_sni -i pro.stura.htw-dresden.de }
backend terminate_plone
mode tcp
# loopback to the termination frontend below
server loopback 127.0.0.1:8443
backend ssh_srs2 backend ssh_srs2
mode tcp mode tcp
@ -168,59 +195,20 @@ services = {
option tcpka option tcpka
server srs2 141.56.51.2:80 check server srs2 141.56.51.2:80 check
backend tls_passthrough ${
mode tcp lib.foldlAttrs(prev: name: value: prev +
server nginx_host 141.56.51.15:443 check ''
backend tix_passthrough backend ${name}_80
mode tcp mode http
server nginx_host 141.56.51.220:443 check server ${name} ${value.dest}:${builtins.toString value.httpPort}
backend ${name}_443
mode tcp
server ${name} ${value.dest}:${builtins.toString value.httpsPort} check
backend vot_passthrough ''
mode tcp ) "" forwards
server nginx_host 141.56.51.57:443 check }
backend dat_passthrough
mode tcp
server nginx_host 141.56.51.81:443 check
backend plone_passthrough
mode tcp
server nginx_host 141.56.51.3:443 check
frontend https_terminated
bind 127.0.0.1:8443 ssl crt /var/lib/acme/stura.htw-dresden.de/full.pem
mode http
default_backend plone_backend
backend plone_80
mode http
server plone 141.56.51.3:80 check
backend tix_80
mode http
server plone 141.56.51.220:80 check
backend vot_80
mode http
server plone 141.56.51.57:80 check
backend dat_80
mode http
server plone 141.56.51.81:80 check
backend pro_80
mode http
server plone 141.56.51.15:80 check
backend plone_backend
mode http
http-request set-header Host stura.htw-dresden.de
http-request replace-uri ^/(.*)$ /VirtualHostBase/https/stura.htw-dresden.de:443/Plone/VirtualHostRoot/\1
server plone 141.56.51.5:8080 check
# proxy_pass "http://141.56.51.5:8080/VirtualHostBase/https/stura.htw-dresden.de:443/Plone/VirtualHostRoot/";
''; '';
}; };
}; };
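Review bot: `forwards.vot.dest` is set to `141.56.51.81`, the same address as `dat`, while the removed `vot_passthrough` and `vot_80` backends pointed at `141.56.51.57`. Unless the vot service really moved, both plain HTTP and TLS-passthrough traffic for vot.htw.stura-dresden.de now land on the dat host, and the entry should read `dest = "141.56.51.57";`. The generated `${name}_80` server line also drops the `check` keyword that every removed port-80 backend carried and that the `${name}_443` line keeps, so an unreachable HTTP backend is no longer marked down; `server ${name} ${value.dest}:${builtins.toString value.httpPort} check` restores the health check. The same refactor changes the pro hostname from `pro.stura.htw-dresden.de` to `pro.htw.stura-dresden.de`, which should be confirmed against DNS, because the lines shown give `sni_router` no fallback backend for an SNI that matches no rule.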