1
0
Fork 0

adguardhome: improved upstream config

This commit is contained in:
Daniel Kempkens 2024-05-22 10:48:16 +02:00
parent cbdb8eec7a
commit aecd2b2a86
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM

View file

@ -60,59 +60,74 @@
virtualisation.podman.defaultNetwork.settings.dns_enabled = lib.mkForce secret.adguardhome.podmanDNS; virtualisation.podman.defaultNetwork.settings.dns_enabled = lib.mkForce secret.adguardhome.podmanDNS;
services.nginx.virtualHosts."${secret.adguardhome.domain_prefix}.internal.kempkens.network" = { services.nginx = {
serverAliases = [ "dns.internal.kempkens.network" ]; upstreams.adguardhome = {
servers = {
"127.0.0.1:3000" = {
fail_timeout = "2s";
};
};
listen = [ extraConfig = ''
{ keepalive 16;
addr = "0.0.0.0"; '';
port = 443; };
ssl = true;
}
{ virtualHosts."${secret.adguardhome.domain_prefix}.internal.kempkens.network" = {
addr = "[::0]"; serverAliases = [ "dns.internal.kempkens.network" ];
port = 443;
ssl = true;
}
{ listen = [
addr = "0.0.0.0"; {
port = 9053; addr = "0.0.0.0";
ssl = true; port = 443;
extraParameters = [ ssl = true;
"fastopen=63" }
"backlog=1023"
"deferred"
];
}
{ {
addr = "[::0]"; addr = "[::0]";
port = 9053; port = 443;
ssl = true; ssl = true;
extraParameters = [ }
"fastopen=63"
"backlog=1023"
"deferred"
];
}
];
quic = false; {
addr = "0.0.0.0";
port = 9053;
ssl = true;
extraParameters = [
"fastopen=63"
"backlog=1023"
"deferred"
];
}
onlySSL = true; {
useACMEHost = "internal.kempkens.network"; addr = "[::0]";
port = 9053;
ssl = true;
extraParameters = [
"fastopen=63"
"backlog=1023"
"deferred"
];
}
];
extraConfig = '' quic = true;
set_real_ip_from 100.64.10.2/32; http3 = true;
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
real_ip_header X-Forwarded-For;
'';
locations."/" = { onlySSL = true;
recommendedProxySettings = true; useACMEHost = "internal.kempkens.network";
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
set_real_ip_from 100.64.10.2/32;
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
real_ip_header X-Forwarded-For;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://adguardhome";
};
}; };
}; };
} }