chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

update nginx defaults

Browse source
This commit is contained in:
chaos 2023-09-02 16:10:12 +01:00
parent 1221201296
commit 29af2a96d4
No known key found for this signature in database
3 changed files with 19 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/hetzner-vm/containers/social/social.nix
View file

@ -85,9 +85,13 @@ in {
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://${containerIP}:8080"; proxyPass = "http://${containerIP}:8080";
proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
''; '';
}; };
extraConfig = '' extraConfig = ''

14
hosts/hetzner-vm/containers/storage/storage.nix
View file

@ -8,6 +8,9 @@
hostIP = container-addresses.host; hostIP = container-addresses.host;
containerIP = container-addresses.containers.storage; containerIP = container-addresses.containers.storage;
# 32GB
clientMaxBodySize = "${toString (8192 * 4)}M";
ports = import ./data/ports.nix {}; ports = import ./data/ports.nix {};
in { in {
containers.storage = { containers.storage = {
@ -71,8 +74,6 @@ in {
}; };
}; };
services.nginx.clientMaxBodySize = "${toString (8192 * 4)}m";
services.nginx.virtualHosts."storage-webdav.owo.monster" = { services.nginx.virtualHosts."storage-webdav.owo.monster" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -81,6 +82,9 @@ in {
"/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}"; "/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}"; "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
}; };
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
'';
}; };
services.nginx.virtualHosts."storage-http.owo.monster" = { services.nginx.virtualHosts."storage-http.owo.monster" = {
@ -90,6 +94,9 @@ in {
"/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_music}"; "/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_music}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_public}"; "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_public}";
}; };
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
'';
}; };
services.nginx.virtualHosts."storage-restic.owo.monster" = { services.nginx.virtualHosts."storage-restic.owo.monster" = {
@ -103,5 +110,8 @@ in {
"/Piped/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_piped}"; "/Piped/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_piped}";
"/Mail/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_mail}"; "/Mail/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_mail}";
}; };
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
'';
}; };
} }

2
profiles/nginx.nix
View file

@ -25,6 +25,8 @@ in {
enable = true; enable = true;
package = pkgs.nginxQuic; package = pkgs.nginxQuic;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;