forked from CCCHH/nix-infra
christian
6a0218c132
The old easterhegg pages from 2003, 2005, 2007, 2009, 2011 are served on the easterhegg.eu domain and all old subdomains under hamburg.ccc.de redirect to the corresponding pages under easterhegg.eu
106 lines
2.8 KiB
Nix
106 lines
2.8 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
eh09 = pkgs.fetchgit {
|
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-2009-website.git";
|
|
rev = "6d4a50c5ab23870072f0b33dd0171b0c56d6cab5";
|
|
hash = "sha256-kPJOrKseJD/scRxhYFa249DT1cYmeCjnK50Bt0IJZK8=";
|
|
};
|
|
in
|
|
{
|
|
security.acme.certs."eh09.easterhegg.eu".extraDomainNames = [
|
|
"eh2009.hamburg.ccc.de"
|
|
"www.eh2009.hamburg.ccc.de"
|
|
"eh09.hamburg.ccc.de"
|
|
"www.eh09.hamburg.ccc.de"
|
|
"easterhegg2009.hamburg.ccc.de"
|
|
"www.easterhegg2009.hamburg.ccc.de"
|
|
];
|
|
|
|
services.nginx.virtualHosts = {
|
|
"acme-eh09.easterhegg.eu" = {
|
|
enableACME = true;
|
|
serverName = "eh09.easterhegg.eu";
|
|
serverAliases = [
|
|
"eh2009.hamburg.ccc.de"
|
|
"www.eh2009.hamburg.ccc.de"
|
|
"eh09.hamburg.ccc.de"
|
|
"www.eh09.hamburg.ccc.de"
|
|
"easterhegg2009.hamburg.ccc.de"
|
|
"www.easterhegg2009.hamburg.ccc.de"
|
|
];
|
|
listen = [{
|
|
addr = "0.0.0.0";
|
|
port = 31820;
|
|
}];
|
|
};
|
|
|
|
"easterhegg2009.hamburg.ccc.de" = {
|
|
forceSSL = true;
|
|
useACMEHost = "eh09.easterhegg.eu";
|
|
serverAliases = [
|
|
"eh2009.hamburg.ccc.de"
|
|
"www.eh2009.hamburg.ccc.de"
|
|
"eh09.hamburg.ccc.de"
|
|
"www.eh09.hamburg.ccc.de"
|
|
"www.easterhegg2009.hamburg.ccc.de"
|
|
];
|
|
|
|
listen = [{
|
|
addr = "0.0.0.0";
|
|
port = 8443;
|
|
ssl = true;
|
|
proxyProtocol = true;
|
|
}];
|
|
|
|
locations."/".return = "302 https://eh09.easterhegg.eu";
|
|
|
|
extraConfig = ''
|
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
|
# $remote_port to the client address and client port, when using proxy
|
|
# protocol.
|
|
# First set our proxy protocol proxy as trusted.
|
|
set_real_ip_from 172.31.17.140;
|
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
|
# header.
|
|
real_ip_header proxy_protocol;
|
|
'';
|
|
};
|
|
|
|
"eh09.easterhegg.eu" = {
|
|
forceSSL = true;
|
|
useACMEHost = "eh09.easterhegg.eu";
|
|
|
|
listen = [{
|
|
addr = "0.0.0.0";
|
|
port = 8443;
|
|
ssl = true;
|
|
proxyProtocol = true;
|
|
}];
|
|
|
|
locations."/" = {
|
|
index = "index.shtml";
|
|
root = eh09;
|
|
extraConfig = ''
|
|
# Set default_type to html
|
|
default_type text/html;
|
|
# Enable SSI
|
|
ssi on;
|
|
'';
|
|
};
|
|
extraConfig = ''
|
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
|
# $remote_port to the client address and client port, when using proxy
|
|
# protocol.
|
|
# First set our proxy protocol proxy as trusted.
|
|
set_real_ip_from 172.31.17.140;
|
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
|
# header.
|
|
real_ip_header proxy_protocol;
|
|
# Enable SSI
|
|
ssi on;
|
|
'';
|
|
};
|
|
};
|
|
}
|