chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

update nginx defaults

Browse source
This commit is contained in:
chaos 2023-09-02 16:10:12 +01:00
parent 1221201296
commit 29af2a96d4
No known key found for this signature in database
3 changed files with 19 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/hetzner-vm/containers/social/social.nix
View file

@ -85,9 +85,13 @@ in {
enableACME = true;
locations."/" = {
proxyPass = "http://${containerIP}:8080";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
extraConfig = ''

14
hosts/hetzner-vm/containers/storage/storage.nix
View file

@ -8,6 +8,9 @@
hostIP = container-addresses.host;
containerIP = container-addresses.containers.storage;
# 32GB
clientMaxBodySize = "${toString (8192 * 4)}M";
ports = import ./data/ports.nix {};
in {
containers.storage = {
@ -71,8 +74,6 @@ in {
};
};
services.nginx.clientMaxBodySize = "${toString (8192 * 4)}m";
services.nginx.virtualHosts."storage-webdav.owo.monster" = {
forceSSL = true;
enableACME = true;
@ -81,6 +82,9 @@ in {
"/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
};
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
'';
};
services.nginx.virtualHosts."storage-http.owo.monster" = {
@ -90,6 +94,9 @@ in {
"/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_music}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_public}";
};
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
'';
};
services.nginx.virtualHosts."storage-restic.owo.monster" = {
@ -103,5 +110,8 @@ in {
"/Piped/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_piped}";
"/Mail/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_mail}";
};
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
'';
};
}

2
profiles/nginx.nix
View file

@ -25,6 +25,8 @@ in {
enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;