mirror of
https://github.com/kp2pml30/dotfiles.git
synced 2026-02-17 07:44:41 +04:00
first xray
This commit is contained in:
parent
bbacfb100e
commit
c2106ca1a6
18 changed files with 482 additions and 29 deletions
|
|
@ -5,6 +5,7 @@
|
|||
}:
|
||||
let
|
||||
cfg = config.kp2pml30.server;
|
||||
ports = config.kp2pml30.server.ports;
|
||||
acmeRoot = "/var/lib/acme/acme-challenge";
|
||||
pref = "kp2";
|
||||
in lib.mkIf cfg.nginx {
|
||||
|
|
@ -14,7 +15,7 @@ in lib.mkIf cfg.nginx {
|
|||
defaults.email = "kp2pml30@gmail.com";
|
||||
#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
certs."${cfg.hostname}" = {
|
||||
extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" "dns.${cfg.hostname}" "cache.nix.${cfg.hostname}" ];
|
||||
extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" "dns.${cfg.hostname}" "cache.nix.${cfg.hostname}" "x.${cfg.hostname}" ];
|
||||
webroot = acmeRoot;
|
||||
group = "nginx";
|
||||
};
|
||||
|
|
@ -23,6 +24,9 @@ in lib.mkIf cfg.nginx {
|
|||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
logError = "stderr debug";
|
||||
|
||||
|
||||
virtualHosts = {
|
||||
"git.${cfg.hostname}" = {
|
||||
enableACME = true;
|
||||
|
|
@ -33,7 +37,7 @@ in lib.mkIf cfg.nginx {
|
|||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8002";
|
||||
proxyPass = "http://127.0.0.1:${toString ports.forgejo}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -46,7 +50,7 @@ in lib.mkIf cfg.nginx {
|
|||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8001";
|
||||
proxyPass = "http://127.0.0.1:${toString ports.backend}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -59,7 +63,43 @@ in lib.mkIf cfg.nginx {
|
|||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8003";
|
||||
proxyPass = "http://127.0.0.1:${toString ports.coredns-https}";
|
||||
};
|
||||
};
|
||||
|
||||
"x.${cfg.hostname}" = {
|
||||
enableACME = true;
|
||||
acmeRoot = acmeRoot;
|
||||
|
||||
listen = [
|
||||
{ addr = "0.0.0.0"; port = 80; }
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "https://www.lovelive-anime.jp";
|
||||
extraConfig = ''
|
||||
sub_filter $proxy_host $host;
|
||||
sub_filter_once off;
|
||||
|
||||
proxy_set_header Host $proxy_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $proxy_protocol_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
|
||||
resolver 1.1.1.1;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -79,7 +119,74 @@ in lib.mkIf cfg.nginx {
|
|||
tryFiles = "$uri $uri/ /index.html";
|
||||
};
|
||||
};
|
||||
} // (if cfg.nix-cache then {
|
||||
} // (if cfg.xray then {
|
||||
# Xray fallback proxy servers
|
||||
"127.0.0.1:${toString ports.xray-fallback}" = {
|
||||
listen = [
|
||||
{ addr = "127.0.0.1"; port = ports.xray-fallback; proxyProtocol = true; }
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "https://www.lovelive-anime.jp";
|
||||
extraConfig = ''
|
||||
sub_filter $proxy_host $host;
|
||||
sub_filter_once off;
|
||||
|
||||
proxy_set_header Host $proxy_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $proxy_protocol_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
|
||||
resolver 1.1.1.1;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"127.0.0.1:${toString ports.xray-websocket}" = {
|
||||
listen = [
|
||||
{ addr = "127.0.0.1"; port = ports.xray-websocket; proxyProtocol = true; }
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "https://www.lovelive-anime.jp";
|
||||
extraConfig = ''
|
||||
sub_filter $proxy_host $host;
|
||||
sub_filter_once off;
|
||||
|
||||
proxy_set_header Host $proxy_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $proxy_protocol_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
|
||||
resolver 1.1.1.1;
|
||||
'';
|
||||
};
|
||||
};
|
||||
} else {}) // (if cfg.nix-cache then {
|
||||
"cache.nix.${cfg.hostname}" = {
|
||||
enableACME = true;
|
||||
acmeRoot = acmeRoot;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue