From bd78e7561920adfdcfcf933c38154dfcb6869306 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sun, 11 Aug 2024 13:36:59 -0700
Subject: [PATCH] fix(nginx): proxied var defaults
---
 modules/nixos/nginx/proxied.nix | 10 ++++++++++
 systems/logistics/nixos.nix | 6 ++++++
 2 files changed, 16 insertions(+)
diff --git a/modules/nixos/nginx/proxied.nix b/modules/nixos/nginx/proxied.nix
index f62b8c51..fc5158b7 100644
--- a/modules/nixos/nginx/proxied.nix
+++ b/modules/nixos/nginx/proxied.nix
@@ -9,6 +9,10 @@ let
 set $proxied_cf on;
 set $proxied_host_cf ${host};
 '';
+ xNotCloudflared = ''
+ set $proxied_cf "";
+ set $proxied_host_cf "";
+ '';
 xHeadersProxied = {xvars}: ''
 ${xvars.init "forwarded_for" "$proxy_add_x_forwarded_for"}
 if ($http_x_forwarded_proto) {
@@ -104,6 +108,9 @@ let
 (mkIf (cfg.enable == "cloudflared" && virtualHost.proxied.enable != "cloudflared") (
 mkJustBefore (xCloudflared {inherit virtualHost;})
 ))
+ (mkIf (cfg.enabled && emitVars && cfg.enable != "cloudflared") (
+ mkJustBefore xNotCloudflared
+ ))
 (mkIf (xInit && emitVars) (
 mkJustBefore (xHeadersProxied {inherit xvars;})
 ))
@@ -212,6 +219,9 @@ let
 (mkIf (cfg.enable == "cloudflared") (
 mkOrder orderJustBefore (xCloudflared {virtualHost = config;})
 ))
+ (mkIf (cfg.enabled && cfg.enable != "cloudflared") (
+ mkOrder orderJustBefore xNotCloudflared
+ ))
 (mkIf (xInit && cfg.enabled && config.xvars.enable) (
 mkOrder (orderJustBefore + 25) (xHeadersProxied {inherit xvars;})
 ))
diff --git a/systems/logistics/nixos.nix b/systems/logistics/nixos.nix
index fc5e12c6..c51a2b19 100644
--- a/systems/logistics/nixos.nix
+++ b/systems/logistics/nixos.nix
@@ -72,6 +72,12 @@ in {
 enable = true;
 user = "logistics";
 };
+ services.nginx = {
+ commonHttpConfig = ''
+ proxy_headers_hash_max_size 1024;
+ proxy_headers_hash_bucket_size 128;
+ '';
+ };
 sops = {
 defaultSopsFile = ./secrets.yaml;
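Review bot: `xNotCloudflared` in the `@@ -9,6 +9,10 @@` hunk of `proxied.nix` carries no comment saying that it is the reset counterpart of `xCloudflared` and has to assign the same variables. The two snippets currently cover `$proxied_cf` and `$proxied_host_cf`; a variable later added to only one of them could be left uninitialised, or could keep a value set at an outer nginx level, on the non-Cloudflare path. I would put `# Reset counterpart of xCloudflared: keep both variable lists identical.` above the definition. The surrounding `let` block starts and ends outside the hunk.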
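Review bot: The guard added in the `@@ -104,6 +108,9 @@` hunk requires `emitVars`, whereas the `xCloudflared` entry just above it does not, and the parallel guard added in the `@@ -212,6 +219,9 @@` hunk checks only `cfg.enabled`. If `emitVars` can be false while an enclosing scope has already set `$proxied_cf on` (its definition is not visible here), the empty default is skipped and the variable keeps the outer value, so any consumer that reads it as "this request came through Cloudflare" would see a stale `on`. If the reset is meant to mirror the `xCloudflared` condition, the guard would read `(mkIf (cfg.enabled && cfg.enable != "cloudflared") (` as in the later hunk; if the difference is intended, a comment such as `# reset only where xvars are emitted; otherwise the server-level value applies` would record why. The list these entries belong to starts and ends outside the hunk.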