56 lines
1.4 KiB
Nix
56 lines
1.4 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
ccchhBrandingResources = pkgs.fetchgit {
|
|
url = "https://gitlab.hamburg.ccc.de/ccchh/ccchh-branding.git";
|
|
rev = "232dfa89ede1414db58576a491021e15c16a5133";
|
|
hash = "sha256-qhNcvkRpLJmFg8yQYUJ6rV0HdTRDcl5Cp/lJ/tL2Q4w=";
|
|
};
|
|
in
|
|
{
|
|
services.nginx.virtualHosts = {
|
|
"acme-branding-resources.hamburg.ccc.de" = {
|
|
enableACME = true;
|
|
serverName = "branding-resources.hamburg.ccc.de";
|
|
|
|
listen = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 31820;
|
|
}
|
|
];
|
|
};
|
|
|
|
"branding-resources.hamburg.ccc.de" = {
|
|
forceSSL = true;
|
|
useACMEHost = "branding-resources.hamburg.ccc.de";
|
|
|
|
listen = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 8443;
|
|
ssl = true;
|
|
proxyProtocol = true;
|
|
}
|
|
];
|
|
|
|
root = pkgs.buildEnv {
|
|
name = "ccchh-branding-resources";
|
|
paths = [
|
|
ccchhBrandingResources
|
|
];
|
|
};
|
|
|
|
extraConfig = ''
|
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
|
# $remote_port to the client address and client port, when using proxy
|
|
# protocol.
|
|
# First set our proxy protocol proxy as trusted.
|
|
set_real_ip_from 172.31.17.140;
|
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
|
# header.
|
|
real_ip_header proxy_protocol;
|
|
'';
|
|
};
|
|
};
|
|
}
|