{config, lib, pkgs, ...}: { networking.firewall.allowedTCPPorts = [ 80 # HTTP 443 # HTTPs ]; services.netdata = { enable = true; }; # Enable nginx service services.nginx = { enable = true; # Use recommended settings # Don't use recommended Proxy settings because it does funky things with the setup recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; virtualHosts."${config.networking.hostName}.live.hacc.media" = { forceSSL = true; enableACME = true; # basicAuth = basicAuthLogin; locations = { "/stats" = { return = "301 /stats/"; }; "~ /stats/(?.*)" = { proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args"; extraConfig = '' proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; gzip on; gzip_proxied any; gzip_types *; ''; }; }; }; }; }