diff --git a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix new file mode 100644 index 0000000..9533e93 --- /dev/null +++ b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix @@ -0,0 +1,46 @@ +{ pkgs, ... }: + +{ + services.nginx.virtualHosts = { + "acme-c3cat.de" = { + enableACME = true; + serverName = "c3cat.de"; + + listen = [ + { + addr = "0.0.0.0"; + port = 31820; + } + ]; + }; + + "c3cat.de" = { + forceSSL = true; + useACMEHost = "c3cat.de"; + + listen = [ + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; + + locations."/" = { + return = "302 https://wiki.ccchh.net/club:c3cat:start"; + }; + + extraConfig = '' + # Make use of the ngx_http_realip_module to set the $remote_addr and + # $remote_port to the client address and client port, when using proxy + # protocol. + # First set our proxy protocol proxy as trusted. + set_real_ip_from 172.31.17.140; + # Then tell the realip_module to get the addreses from the proxy protocol + # header. + real_ip_header proxy_protocol; + ''; + }; + }; +} diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix index 6b5398a..5036faf 100644 --- a/config/hosts/public-web-static/virtualHosts/default.nix +++ b/config/hosts/public-web-static/virtualHosts/default.nix @@ -3,6 +3,7 @@ { imports = [ ./branding-resources.hamburg.ccc.de.nix + ./c3cat.de.nix ./element.hamburg.ccc.de.nix ./next.hamburg.ccc.de.nix ./spaceapi.hamburg.ccc.de.nix