64 lines
1.6 KiB
Nix
64 lines
1.6 KiB
Nix
{config, lib, pkgs, ...}:
|
|
|
|
{
|
|
networking.firewall.allowedTCPPorts = [
|
|
80 # HTTP
|
|
443 # HTTPs
|
|
];
|
|
|
|
services.netdata = {
|
|
enable = true;
|
|
};
|
|
|
|
# Enable nginx service
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
# Use recommended settings
|
|
# Don't use recommended Proxy settings because it does funky things with the setup
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedTlsSettings = true;
|
|
virtualHosts."${config.networking.hostName}.live.hacc.media" = {
|
|
locations = {
|
|
"/" = {
|
|
return = "301 \"http://$cdnhosts$request_uri\"";
|
|
extraConfig = ''
|
|
auth_basic off;
|
|
'';
|
|
};
|
|
"/stats" = {
|
|
return = "301 /stats/";
|
|
};
|
|
"~ /stats/(?<ndpath>.*)" = {
|
|
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
|
|
extraConfig = ''
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_http_version 1.1;
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Connection "keep-alive";
|
|
proxy_store off;
|
|
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types *;
|
|
'';
|
|
};
|
|
};
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
};
|
|
appendHttpConfig = ''
|
|
split_clients "$remote_addr" $cdnhosts {
|
|
50% "cdn-node-1.live.hacc.media";
|
|
50% "cdn-node-2.live.hacc.media";
|
|
}
|
|
'';
|
|
};
|
|
}
|