Spoutnik is now an nginx reverse-proxy

author: ADRN <adrien@luxeylab.net> 2021-11-28 19:20:36 +0100
committer: ADRN <adrien@luxeylab.net> 2021-11-28 19:20:36 +0100
commit: 3bb938c9a0bf65390ad0f5095f27a5ab8ad57878 (patch)
tree: 53a1c2dcec31b07c8e1d9091e89eba1e0b1275fc /node/spoutnik.nix
parent: 2d8999b5d525f8552b48db0c63c6fb97a6015a4e (diff)
download: nixcfg-3bb938c9a0bf65390ad0f5095f27a5ab8ad57878.tar.gz
nixcfg-3bb938c9a0bf65390ad0f5095f27a5ab8ad57878.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/node/spoutnik.nix b/node/spoutnik.nix
index 55df7d7..4aa6f91 100644
--- a/node/spoutnik.nix
+++ b/node/spoutnik.nix
@@ -24,5 +24,41 @@
     ips = [ "10.42.0.2/16" ];
     listenPort = 42136;
   };
+
+  # Nginx configuration:
+
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Add any further config to match your needs, e.g.:
+    virtualHosts = let
+      base = locations: {
+        inherit locations;
+
+        forceSSL = true;
+        enableACME = true;
+      };
+      proxy = addr: port: base {
+        "/".proxyPass = "http://" + addr + ":" + toString(port);
+      };
+    in {
+      "axl.deuxfleurs.fr" = proxy "192.168.0.60" 80;
+      "warez.luxeylab.net" = proxy "192.168.0.50" 80;
+    };
+  };
+
+
+  # ACME:
+
+  security.acme = {
+    acceptTerms = true;
+    email = "adrien@luxeylab.net";
+  };
 }
author	ADRN <adrien@luxeylab.net>	2021-11-28 19:20:36 +0100
committer	ADRN <adrien@luxeylab.net>	2021-11-28 19:20:36 +0100
commit	3bb938c9a0bf65390ad0f5095f27a5ab8ad57878 (patch)
tree	53a1c2dcec31b07c8e1d9091e89eba1e0b1275fc /node/spoutnik.nix
parent	2d8999b5d525f8552b48db0c63c6fb97a6015a4e (diff)
download	nixcfg-3bb938c9a0bf65390ad0f5095f27a5ab8ad57878.tar.gz nixcfg-3bb938c9a0bf65390ad0f5095f27a5ab8ad57878.zip