derped/nixos
1
0
Fork 0
Code Releases Activity

More nginx config dehardcoding. Did some sshd hardening.

Browse source
This commit is contained in:
Kevin Baensch 2019-03-24 22:55:17 +01:00
parent 66ca5839e5
commit e745bdea3d
5 changed files with 15 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

5
services/nginx.nix
View file

@ -2,6 +2,7 @@
# Includes: #
# - Nginx + SSL config #
# - Gitea #
# - Hydra #
# - Nextcloud #
# - Mail ssl root #
##############################################################################################
@ -33,7 +34,7 @@ mkIf (elem "nginx" config.machine.services) {
forceSSL = true;
extraConfig = ''
location / {
proxy_pass http://127.0.0.1:3001;
proxy_pass http://${config.services.hydra.listenHost}:${config.services.hydra.port};
proxy_set_header Host $http_host;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -163,7 +164,7 @@ mkIf (elem "nginx" config.machine.services) {
location @node {
client_max_body_size 0;
proxy_pass http://localhost:3000;
proxy_pass http://${config.services.gitea.httpAddress}:${config.services.gitea.httpPort};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;