diff --git a/hosts/by-name/servo/services/bitmagnet.nix b/hosts/by-name/servo/services/bitmagnet.nix index 873cf9f50..d92108f17 100644 --- a/hosts/by-name/servo/services/bitmagnet.nix +++ b/hosts/by-name/servo/services/bitmagnet.nix @@ -46,6 +46,7 @@ enableACME = true; locations."/" = { proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:3333"; + recommendedProxySettings = true; }; basicAuthFile = config.sops.secrets.bitmagnet_passwd.path; }; diff --git a/hosts/by-name/servo/services/goaccess.nix b/hosts/by-name/servo/services/goaccess.nix index 71d2c091c..8c1ba1415 100644 --- a/hosts/by-name/servo/services/goaccess.nix +++ b/hosts/by-name/servo/services/goaccess.nix @@ -56,6 +56,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used it in several mon locations."/ws" = { proxyPass = "http://127.0.0.1:7890"; + recommendedProxySettings = true; # XXX not sure how much of this is necessary extraConfig = '' proxy_http_version 1.1; diff --git a/hosts/by-name/servo/services/ipfs.nix b/hosts/by-name/servo/services/ipfs.nix index 7c32329d2..ad9a3e3f6 100644 --- a/hosts/by-name/servo/services/ipfs.nix +++ b/hosts/by-name/servo/services/ipfs.nix @@ -27,6 +27,7 @@ lib.mkIf false # i don't actively use ipfs anymore locations."/" = { proxyPass = "http://127.0.0.1:8080"; + recommendedProxySettings = true; extraConfig = '' proxy_set_header Host $host; proxy_set_header X-Ipfs-Gateway-Prefix ""; diff --git a/hosts/by-name/servo/services/kiwix-serve.nix b/hosts/by-name/servo/services/kiwix-serve.nix index 17bf569ab..1b8bd1859 100644 --- a/hosts/by-name/servo/services/kiwix-serve.nix +++ b/hosts/by-name/servo/services/kiwix-serve.nix @@ -27,7 +27,10 @@ forceSSL = true; enableACME = true; # inherit kTLS; - locations."/".proxyPass = "http://127.0.0.1:8013"; + locations."/" = { + proxyPass = "http://127.0.0.1:8013"; + recommendedProxySettings = true; + }; locations."= /robots.txt".extraConfig = '' return 200 "User-agent: *\nDisallow: /\n"; ''; diff --git a/hosts/by-name/servo/services/komga.nix b/hosts/by-name/servo/services/komga.nix index 294c5fe37..2ba41dc7d 100644 --- a/hosts/by-name/servo/services/komga.nix +++ b/hosts/by-name/servo/services/komga.nix @@ -17,6 +17,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used this for several enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:${builtins.toString port}"; + recommendedProxySettings = true; }; locations."= /robots.txt".extraConfig = '' return 200 "User-agent: *\nDisallow: /\n"; diff --git a/hosts/by-name/servo/services/matrix/default.nix b/hosts/by-name/servo/services/matrix/default.nix index 8f2230c2a..5b90e85ce 100644 --- a/hosts/by-name/servo/services/matrix/default.nix +++ b/hosts/by-name/servo/services/matrix/default.nix @@ -123,6 +123,7 @@ in locations."/" = { proxyPass = "http://127.0.0.1:8008"; + recommendedProxySettings = true; extraConfig = '' # allow uploading large files (matrix enforces a separate limit, downstream) client_max_body_size 512m; diff --git a/hosts/by-name/servo/services/matrix/irc.nix b/hosts/by-name/servo/services/matrix/irc.nix index 80e84cc4a..fb87bf9c4 100644 --- a/hosts/by-name/servo/services/matrix/irc.nix +++ b/hosts/by-name/servo/services/matrix/irc.nix @@ -184,6 +184,7 @@ in enableACME = true; locations."/media" = { proxyPass = "http://127.0.0.1:11111"; + recommendedProxySettings = true; }; }; diff --git a/hosts/by-name/servo/services/navidrome.nix b/hosts/by-name/servo/services/navidrome.nix index 3760548c0..1cee848d9 100644 --- a/hosts/by-name/servo/services/navidrome.nix +++ b/hosts/by-name/servo/services/navidrome.nix @@ -34,7 +34,10 @@ lib.mkIf false #< i don't actively use navidrome forceSSL = true; enableACME = true; # inherit kTLS; - locations."/".proxyPass = "http://127.0.0.1:4533"; + locations."/" = { + proxyPass = "http://127.0.0.1:4533"; + recommendedProxySettings = true; + }; }; sane.dns.zones."uninsane.org".inet.CNAME."music" = "native"; diff --git a/hosts/by-name/servo/services/nginx/uninsane.org.nix b/hosts/by-name/servo/services/nginx/uninsane.org.nix index cd686aa46..79a658f39 100644 --- a/hosts/by-name/servo/services/nginx/uninsane.org.nix +++ b/hosts/by-name/servo/services/nginx/uninsane.org.nix @@ -105,12 +105,8 @@ # static URLs might not be aware of .well-known (e.g. registration confirmation URLs), # so hack around that. - locations."/_matrix" = { - proxyPass = "http://127.0.0.1:8008"; - }; - locations."/_synapse" = { - proxyPass = "http://127.0.0.1:8008"; - }; + locations."/_matrix".extraConfig = "return 301 https://matrix.uninsane.org$request_uri;"; + locations."/_synapse".extraConfig = "return 301 https://matrix.uninsane.org$request_uri;"; # allow ActivityPub clients to discover how to reach @user@uninsane.org # see: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3361/ diff --git a/hosts/by-name/servo/services/slskd.nix b/hosts/by-name/servo/services/slskd.nix index 4c5cf0f48..2ebec1acd 100644 --- a/hosts/by-name/servo/services/slskd.nix +++ b/hosts/by-name/servo/services/slskd.nix @@ -36,6 +36,7 @@ locations."/" = { proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:5030"; proxyWebsockets = true; + recommendedProxySettings = true; }; }; diff --git a/hosts/by-name/servo/services/transmission/default.nix b/hosts/by-name/servo/services/transmission/default.nix index ae54e73c2..c6b6810dc 100644 --- a/hosts/by-name/servo/services/transmission/default.nix +++ b/hosts/by-name/servo/services/transmission/default.nix @@ -159,6 +159,7 @@ in locations."/" = { # proxyPass = "http://ovpns.uninsane.org:9091"; proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:9091"; + recommendedProxySettings = true; }; };