sail: Expose certain services only via SSL
This commit is contained in:
parent
5114ab5d10
commit
5232858822
5 changed files with 46 additions and 54 deletions
|
@ -37,18 +37,16 @@
|
|||
"d /etc/container-proxitok/cache 0755 33 33"
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."tictac.daniel.sx" = {
|
||||
http3 = true;
|
||||
services.nginx.virtualHosts."tictac.daniel.sx" = {
|
||||
http3 = true;
|
||||
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.proxitok-auth.path;
|
||||
onlySSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.proxitok-auth.path;
|
||||
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8005";
|
||||
};
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8005";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -38,27 +38,25 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."overflow.daniel.sx" = {
|
||||
http3 = true;
|
||||
services.nginx.virtualHosts."overflow.daniel.sx" = {
|
||||
http3 = true;
|
||||
|
||||
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
|
||||
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
|
||||
onlySSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
|
||||
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
};
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
};
|
||||
|
||||
locations."/static".extraConfig = ''
|
||||
rewrite ^/static(/.*)$ $1 last;
|
||||
'';
|
||||
locations."/static".extraConfig = ''
|
||||
rewrite ^/static(/.*)$ $1 last;
|
||||
'';
|
||||
|
||||
locations."@proxy" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8003";
|
||||
};
|
||||
locations."@proxy" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8003";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
|
||||
http3 = true;
|
||||
|
||||
forceSSL = true;
|
||||
onlySSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.libreddit-auth.path;
|
||||
|
||||
|
|
|
@ -51,26 +51,24 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."${secret.nginx.hostnames.nitter}" = {
|
||||
http3 = true;
|
||||
services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = {
|
||||
http3 = true;
|
||||
|
||||
root = "${nitter-pkg}/share/nitter/public/";
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
root = "${nitter-pkg}/share/nitter/public/";
|
||||
onlySSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
};
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
};
|
||||
|
||||
locations."/pic/" = proxy-no-auth;
|
||||
locations."/video/" = proxy-no-auth;
|
||||
locations."/pic/" = proxy-no-auth;
|
||||
locations."/video/" = proxy-no-auth;
|
||||
|
||||
locations."@proxy" = {
|
||||
basicAuthFile = config.age.secrets.nitter-auth.path;
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8001";
|
||||
};
|
||||
locations."@proxy" = {
|
||||
basicAuthFile = config.age.secrets.nitter-auth.path;
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8001";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -40,18 +40,16 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."ringo.daniel.sx" = {
|
||||
http3 = true;
|
||||
services.nginx.virtualHosts."ringo.daniel.sx" = {
|
||||
http3 = true;
|
||||
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.rimgo-auth.path;
|
||||
onlySSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.rimgo-auth.path;
|
||||
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8006";
|
||||
};
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8006";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue