colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

servo: add recommendedProxySettings to all nginx services which were missing it

Browse Source
This commit is contained in:
Colin
2025-07-24 23:10:34 +00:00
parent 97dfb58bbb
commit 1ae307c8f4
11 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/by-name/servo/services/bitmagnet.nix
View File

@@ -46,6 +46,7 @@
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:3333"; proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:3333";
recommendedProxySettings = true;
}; };
basicAuthFile = config.sops.secrets.bitmagnet_passwd.path; basicAuthFile = config.sops.secrets.bitmagnet_passwd.path;
}; };

1
hosts/by-name/servo/services/goaccess.nix
View File

@@ -56,6 +56,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used it in several mon
locations."/ws" = { locations."/ws" = {
proxyPass = "http://127.0.0.1:7890"; proxyPass = "http://127.0.0.1:7890";
recommendedProxySettings = true;
# XXX not sure how much of this is necessary # XXX not sure how much of this is necessary
extraConfig = '' extraConfig = ''
proxy_http_version 1.1; proxy_http_version 1.1;

1
hosts/by-name/servo/services/ipfs.nix
View File

@@ -27,6 +27,7 @@ lib.mkIf false # i don't actively use ipfs anymore
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://127.0.0.1:8080";
recommendedProxySettings = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Ipfs-Gateway-Prefix ""; proxy_set_header X-Ipfs-Gateway-Prefix "";

5
hosts/by-name/servo/services/kiwix-serve.nix
View File

@@ -27,7 +27,10 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
# inherit kTLS; # inherit kTLS;
locations."/".proxyPass = "http://127.0.0.1:8013"; locations."/" = {
proxyPass = "http://127.0.0.1:8013";
recommendedProxySettings = true;
};
locations."= /robots.txt".extraConfig = '' locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n"; return 200 "User-agent: *\nDisallow: /\n";
''; '';

1
hosts/by-name/servo/services/komga.nix
View File

@@ -17,6 +17,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used this for several
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}"; proxyPass = "http://127.0.0.1:${builtins.toString port}";
recommendedProxySettings = true;
}; };
locations."= /robots.txt".extraConfig = '' locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n"; return 200 "User-agent: *\nDisallow: /\n";

1
hosts/by-name/servo/services/matrix/default.nix
View File

@@ -123,6 +123,7 @@ in
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8008"; proxyPass = "http://127.0.0.1:8008";
recommendedProxySettings = true;
extraConfig = '' extraConfig = ''
# allow uploading large files (matrix enforces a separate limit, downstream) # allow uploading large files (matrix enforces a separate limit, downstream)
client_max_body_size 512m; client_max_body_size 512m;

1
hosts/by-name/servo/services/matrix/irc.nix
View File

@@ -184,6 +184,7 @@ in
enableACME = true; enableACME = true;
locations."/media" = { locations."/media" = {
proxyPass = "http://127.0.0.1:11111"; proxyPass = "http://127.0.0.1:11111";
recommendedProxySettings = true;
}; };
}; };

5
hosts/by-name/servo/services/navidrome.nix
View File

@@ -34,7 +34,10 @@ lib.mkIf false #< i don't actively use navidrome
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
# inherit kTLS; # inherit kTLS;
locations."/".proxyPass = "http://127.0.0.1:4533"; locations."/" = {
proxyPass = "http://127.0.0.1:4533";
recommendedProxySettings = true;
};
}; };
sane.dns.zones."uninsane.org".inet.CNAME."music" = "native"; sane.dns.zones."uninsane.org".inet.CNAME."music" = "native";

8
hosts/by-name/servo/services/nginx/uninsane.org.nix
View File

@@ -105,12 +105,8 @@
# static URLs might not be aware of .well-known (e.g. registration confirmation URLs), # static URLs might not be aware of .well-known (e.g. registration confirmation URLs),
# so hack around that. # so hack around that.
locations."/_matrix" = { locations."/_matrix".extraConfig = "return 301 https://matrix.uninsane.org$request_uri;";
proxyPass = "http://127.0.0.1:8008"; locations."/_synapse".extraConfig = "return 301 https://matrix.uninsane.org$request_uri;";
};
locations."/_synapse" = {
proxyPass = "http://127.0.0.1:8008";
};
# allow ActivityPub clients to discover how to reach @user@uninsane.org # allow ActivityPub clients to discover how to reach @user@uninsane.org
# see: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3361/ # see: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3361/

1
hosts/by-name/servo/services/slskd.nix
View File

@@ -36,6 +36,7 @@
locations."/" = { locations."/" = {
proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:5030"; proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:5030";
proxyWebsockets = true; proxyWebsockets = true;
recommendedProxySettings = true;
}; };
}; };

1
hosts/by-name/servo/services/transmission/default.nix
View File

@@ -159,6 +159,7 @@ in
locations."/" = { locations."/" = {
# proxyPass = "http://ovpns.uninsane.org:9091"; # proxyPass = "http://ovpns.uninsane.org:9091";
proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:9091"; proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:9091";
recommendedProxySettings = true;
}; };
}; };