first xray

2026-02-17 07:44:41 +04:00 · 2025-10-18 12:43:35 +09:00 · 2025-10-18 12:43:35 +09:00 · c2106ca1a6
commit c2106ca1a6
parent bbacfb100e
18 changed files with 482 additions and 29 deletions
--- a/nix/server/nginx.nix
+++ b/nix/server/nginx.nix
@ -5,6 +5,7 @@
 }:
 let
 	cfg = config.kp2pml30.server;
+	ports = config.kp2pml30.server.ports;
 	acmeRoot = "/var/lib/acme/acme-challenge";
 	pref = "kp2";
 in lib.mkIf cfg.nginx {
@ -14,7 +15,7 @@ in lib.mkIf cfg.nginx {
 		defaults.email = "kp2pml30@gmail.com";
 		#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 		certs."${cfg.hostname}" = {
-			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" "dns.${cfg.hostname}" "cache.nix.${cfg.hostname}" ];
+			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" "dns.${cfg.hostname}" "cache.nix.${cfg.hostname}" "x.${cfg.hostname}" ];
 			webroot = acmeRoot;
 			group = "nginx";
 		};
@ -23,6 +24,9 @@ in lib.mkIf cfg.nginx {
 	services.nginx = {
 		enable = true;

+		logError = "stderr debug";
+
+
 		virtualHosts = {
 			"git.${cfg.hostname}" = {
 				enableACME = true;
@ -33,7 +37,7 @@ in lib.mkIf cfg.nginx {
 				];

 				locations."/" = {
-					proxyPass = "http://127.0.0.1:8002";
+					proxyPass = "http://127.0.0.1:${toString ports.forgejo}";
 				};
 			};

@ -46,7 +50,7 @@ in lib.mkIf cfg.nginx {
 				];

 				locations."/" = {
-					proxyPass = "http://127.0.0.1:8001";
+					proxyPass = "http://127.0.0.1:${toString ports.backend}";
 				};
 			};

@ -59,7 +63,43 @@ in lib.mkIf cfg.nginx {
 				];

 				locations."/" = {
-					proxyPass = "http://127.0.0.1:8003";
+					proxyPass = "http://127.0.0.1:${toString ports.coredns-https}";
+				};
+			};
+
+			"x.${cfg.hostname}" = {
+				enableACME = true;
+				acmeRoot = acmeRoot;
+
+				listen = [
+					{ addr = "0.0.0.0"; port = 80; }
+				];
+
+				locations."/" = {
+					proxyPass = "https://www.lovelive-anime.jp";
+					extraConfig = ''
+						sub_filter                         $proxy_host $host;
+						sub_filter_once                    off;
+
+						proxy_set_header Host              $proxy_host;
+						proxy_http_version                 1.1;
+						proxy_cache_bypass                 $http_upgrade;
+						proxy_ssl_server_name on;
+
+						proxy_set_header Upgrade           $http_upgrade;
+						proxy_set_header Connection        $connection_upgrade;
+						proxy_set_header X-Real-IP         $proxy_protocol_addr;
+						proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+						proxy_set_header X-Forwarded-Proto $scheme;
+						proxy_set_header X-Forwarded-Host  $host;
+						proxy_set_header X-Forwarded-Port  $server_port;
+
+						proxy_connect_timeout              60s;
+						proxy_send_timeout                 60s;
+						proxy_read_timeout                 60s;
+
+						resolver 1.1.1.1;
+					'';
 				};
 			};

@ -79,7 +119,74 @@ in lib.mkIf cfg.nginx {
 					tryFiles = "$uri $uri/ /index.html";
 				};
 			};
-		} // (if cfg.nix-cache then {
+		} // (if cfg.xray then {
+			# Xray fallback proxy servers
+			"127.0.0.1:${toString ports.xray-fallback}" = {
+				listen = [
+					{ addr = "127.0.0.1"; port = ports.xray-fallback; proxyProtocol = true; }
+				];
+
+				locations."/" = {
+					proxyPass = "https://www.lovelive-anime.jp";
+					extraConfig = ''
+						sub_filter                         $proxy_host $host;
+						sub_filter_once                    off;
+
+						proxy_set_header Host              $proxy_host;
+						proxy_http_version                 1.1;
+						proxy_cache_bypass                 $http_upgrade;
+						proxy_ssl_server_name on;
+
+						proxy_set_header Upgrade           $http_upgrade;
+						proxy_set_header Connection        $connection_upgrade;
+						proxy_set_header X-Real-IP         $proxy_protocol_addr;
+						proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+						proxy_set_header X-Forwarded-Proto $scheme;
+						proxy_set_header X-Forwarded-Host  $host;
+						proxy_set_header X-Forwarded-Port  $server_port;
+
+						proxy_connect_timeout              60s;
+						proxy_send_timeout                 60s;
+						proxy_read_timeout                 60s;
+
+						resolver 1.1.1.1;
+					'';
+				};
+			};
+
+			"127.0.0.1:${toString ports.xray-websocket}" = {
+				listen = [
+					{ addr = "127.0.0.1"; port = ports.xray-websocket; proxyProtocol = true; }
+				];
+
+				locations."/" = {
+					proxyPass = "https://www.lovelive-anime.jp";
+					extraConfig = ''
+						sub_filter                         $proxy_host $host;
+						sub_filter_once                    off;
+
+						proxy_set_header Host              $proxy_host;
+						proxy_http_version                 1.1;
+						proxy_cache_bypass                 $http_upgrade;
+						proxy_ssl_server_name on;
+
+						proxy_set_header Upgrade           $http_upgrade;
+						proxy_set_header Connection        $connection_upgrade;
+						proxy_set_header X-Real-IP         $proxy_protocol_addr;
+						proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+						proxy_set_header X-Forwarded-Proto $scheme;
+						proxy_set_header X-Forwarded-Host  $host;
+						proxy_set_header X-Forwarded-Port  $server_port;
+
+						proxy_connect_timeout              60s;
+						proxy_send_timeout                 60s;
+						proxy_read_timeout                 60s;
+
+						resolver 1.1.1.1;
+					'';
+				};
+			};
+		} else {}) // (if cfg.nix-cache then {
 			"cache.nix.${cfg.hostname}" = {
 				enableACME = true;
 				acmeRoot = acmeRoot;