servo: add recommendedProxySettings to all nginx services which were missing it

This commit is contained in:
2025-07-24 23:10:34 +00:00
parent 97dfb58bbb
commit 1ae307c8f4
11 changed files with 18 additions and 8 deletions

View File

@@ -46,6 +46,7 @@
enableACME = true;
locations."/" = {
proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:3333";
recommendedProxySettings = true;
};
basicAuthFile = config.sops.secrets.bitmagnet_passwd.path;
};

View File

@@ -56,6 +56,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used it in several mon
locations."/ws" = {
proxyPass = "http://127.0.0.1:7890";
recommendedProxySettings = true;
# XXX not sure how much of this is necessary
extraConfig = ''
proxy_http_version 1.1;

View File

@@ -27,6 +27,7 @@ lib.mkIf false # i don't actively use ipfs anymore
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
recommendedProxySettings = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Ipfs-Gateway-Prefix "";

View File

@@ -27,7 +27,10 @@
forceSSL = true;
enableACME = true;
# inherit kTLS;
locations."/".proxyPass = "http://127.0.0.1:8013";
locations."/" = {
proxyPass = "http://127.0.0.1:8013";
recommendedProxySettings = true;
};
locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n";
'';

View File

@@ -17,6 +17,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used this for several
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
recommendedProxySettings = true;
};
locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n";

View File

@@ -123,6 +123,7 @@ in
locations."/" = {
proxyPass = "http://127.0.0.1:8008";
recommendedProxySettings = true;
extraConfig = ''
# allow uploading large files (matrix enforces a separate limit, downstream)
client_max_body_size 512m;

View File

@@ -184,6 +184,7 @@ in
enableACME = true;
locations."/media" = {
proxyPass = "http://127.0.0.1:11111";
recommendedProxySettings = true;
};
};

View File

@@ -34,7 +34,10 @@ lib.mkIf false #< i don't actively use navidrome
forceSSL = true;
enableACME = true;
# inherit kTLS;
locations."/".proxyPass = "http://127.0.0.1:4533";
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
recommendedProxySettings = true;
};
};
sane.dns.zones."uninsane.org".inet.CNAME."music" = "native";

View File

@@ -105,12 +105,8 @@
# static URLs might not be aware of .well-known (e.g. registration confirmation URLs),
# so hack around that.
locations."/_matrix" = {
proxyPass = "http://127.0.0.1:8008";
};
locations."/_synapse" = {
proxyPass = "http://127.0.0.1:8008";
};
locations."/_matrix".extraConfig = "return 301 https://matrix.uninsane.org$request_uri;";
locations."/_synapse".extraConfig = "return 301 https://matrix.uninsane.org$request_uri;";
# allow ActivityPub clients to discover how to reach @user@uninsane.org
# see: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3361/

View File

@@ -36,6 +36,7 @@
locations."/" = {
proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:5030";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};

View File

@@ -159,6 +159,7 @@ in
locations."/" = {
# proxyPass = "http://ovpns.uninsane.org:9091";
proxyPass = "http://${config.sane.netns.ovpns.veth.netns.ipv4}:9091";
recommendedProxySettings = true;
};
};