From d256082221274ec9fb09d4521d299a2fdefefc91 Mon Sep 17 00:00:00 2001
From: julian <julian@jsts.xyz>
Date: Fri, 11 Aug 2023 00:55:47 +0200
Subject: [PATCH] Proxy AES in Club to new location for cached DNS records

Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
---
 .../z9/configs/public-reverse-proxy/nginx/nginx.conf | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
index bf0abe2..980aaf1 100644
--- a/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
+++ b/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
@@ -15,14 +15,24 @@ events {
 # Listen on port 443 as a reverse proxy and use PROXY Protocol for the
 # upstreams.
 stream {
+    map $ssl_preread_server_name $first_jump {
+        aes.ccchh.net 212.12.48.125:443;
+        default 127.0.0.1:9443;
+    }
+
     map $ssl_preread_server_name $address {
         wiki.ccchh.net 10.31.206.13:8443;
-        aes.ccchh.net 10.31.206.14:8443;
         default 127.0.0.1:8443;
     }
 
     server {
         listen 0.0.0.0:443;
+        proxy_pass $first_jump;
+        ssl_preread on;
+    }
+
+    server {
+        listen 0.0.0.0:9443;
         proxy_pass $address;
         ssl_preread on;
         proxy_protocol on;