gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(nginx): proxy options

Browse source
This commit is contained in:
arcnmx 2024-04-18 10:40:35 -07:00
parent c3f3fe1fed
commit 02508ecbd3
18 changed files with 638 additions and 424 deletions
Download patch file Download diff file Expand all files Collapse all files

37
nixos/access/freeipa.nix
View file

@ -18,31 +18,28 @@ let
ssl_verify_client optional_no_ca;
'';
locations' = domain: {
"/" = {
"/" = { config, xvars, ... }: {
proxy = {
enable = true;
url = mkDefault access.proxyPass;
host = mkDefault domain;
headers = {
rewriteReferer.enable = true;
set = {
X-SSL-CERT = "$ssl_client_escaped_cert";
};
};
redirect = {
enable = true;
fromHost = config.proxy.host;
fromScheme = xvars.get.proxy_scheme;
};
};
proxyPass = mkDefault access.proxyPass;
recommendedProxySettings = false;
extraConfig = ''
proxy_set_header Host ${domain};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_redirect https://${domain}/ $scheme://$host/;
proxy_ssl_server_name on;
proxy_ssl_name ${domain};
set $x_referer $http_referer;
if ($x_referer ~ "^https://([^/]*)/(.*)$") {
set $x_referer_host $1;
set $x_referer_path $2;
}
if ($x_referer_host = $host) {
set $x_referer "https://${domain}/$x_referer_path";
}
proxy_set_header Referer $x_referer;
'';
};
};