1
0
Fork 0

sail: Expose certain services only via SSL

This commit is contained in:
Daniel Kempkens 2023-03-12 21:03:36 +01:00
parent 5114ab5d10
commit 5232858822
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 46 additions and 54 deletions

View file

@ -37,18 +37,16 @@
"d /etc/container-proxitok/cache 0755 33 33"
];
services.nginx = {
virtualHosts."tictac.daniel.sx" = {
http3 = true;
services.nginx.virtualHosts."tictac.daniel.sx" = {
http3 = true;
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.proxitok-auth.path;
onlySSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.proxitok-auth.path;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8005";
};
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8005";
};
};
}

View file

@ -38,27 +38,25 @@ in
};
};
services.nginx = {
virtualHosts."overflow.daniel.sx" = {
http3 = true;
services.nginx.virtualHosts."overflow.daniel.sx" = {
http3 = true;
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
onlySSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."/static".extraConfig = ''
rewrite ^/static(/.*)$ $1 last;
'';
locations."/static".extraConfig = ''
rewrite ^/static(/.*)$ $1 last;
'';
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8003";
};
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8003";
};
};
}

View file

@ -11,7 +11,7 @@
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
http3 = true;
forceSSL = true;
onlySSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.libreddit-auth.path;

View file

@ -51,26 +51,24 @@ in
};
};
services.nginx = {
virtualHosts."${secret.nginx.hostnames.nitter}" = {
http3 = true;
services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = {
http3 = true;
root = "${nitter-pkg}/share/nitter/public/";
forceSSL = true;
useACMEHost = "daniel.sx";
root = "${nitter-pkg}/share/nitter/public/";
onlySSL = true;
useACMEHost = "daniel.sx";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."/pic/" = proxy-no-auth;
locations."/video/" = proxy-no-auth;
locations."/pic/" = proxy-no-auth;
locations."/video/" = proxy-no-auth;
locations."@proxy" = {
basicAuthFile = config.age.secrets.nitter-auth.path;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8001";
};
locations."@proxy" = {
basicAuthFile = config.age.secrets.nitter-auth.path;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8001";
};
};
}

View file

@ -40,18 +40,16 @@ in
};
};
services.nginx = {
virtualHosts."ringo.daniel.sx" = {
http3 = true;
services.nginx.virtualHosts."ringo.daniel.sx" = {
http3 = true;
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.rimgo-auth.path;
onlySSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.rimgo-auth.path;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8006";
};
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8006";
};
};
}