Add nginx, with basic config for pihole.
This probably should be reworked so it has a better structure, but this will work for a first pass.
This commit is contained in:
parent
a818c22412
commit
4b2058091b
|
|
@ -79,6 +79,7 @@
|
||||||
htop
|
htop
|
||||||
#mongodb
|
#mongodb
|
||||||
neovim
|
neovim
|
||||||
|
nginx
|
||||||
python3
|
python3
|
||||||
tmux
|
tmux
|
||||||
#unifi8
|
#unifi8
|
||||||
|
|
@ -107,12 +108,64 @@
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
|
||||||
# Enable Tailscale
|
services.nginx = {
|
||||||
services.tailscale.enable = true;
|
enable = true;
|
||||||
|
virtualHosts."pihole.quinn.local" = {
|
||||||
|
addSSL = false;
|
||||||
|
enableACME = false;
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://127.0.0.1:10000;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
client_max_body_size 10G;
|
||||||
|
|
||||||
|
#Timeout if the real server is dead
|
||||||
|
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
||||||
|
|
||||||
|
# Advanced Proxy Config
|
||||||
|
send_timeout 5m;
|
||||||
|
proxy_read_timeout 360;
|
||||||
|
proxy_send_timeout 360;
|
||||||
|
proxy_connect_timeout 360;
|
||||||
|
proxy_headers_hash_max_size 512;
|
||||||
|
proxy_headers_hash_bucket_size 128;
|
||||||
|
|
||||||
|
# Basic Proxy Config
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_set_header X-Forwarded-Uri $request_uri;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
# proxy_set_header Connection "";
|
||||||
|
proxy_cache_bypass $cookie_session;
|
||||||
|
proxy_no_cache $cookie_session;
|
||||||
|
proxy_buffers 64 256k;
|
||||||
|
proxy_buffer_size 128k;
|
||||||
|
proxy_busy_buffers_size 256k;
|
||||||
|
|
||||||
|
# If behind reverse proxy, forwards the correct IP
|
||||||
|
set_real_ip_from 10.0.0.0/8;
|
||||||
|
set_real_ip_from 172.16.0.0/12;
|
||||||
|
set_real_ip_from 192.168.0.0/16;
|
||||||
|
set_real_ip_from fc00::/7;
|
||||||
|
real_ip_header X-Forwarded-For;
|
||||||
|
real_ip_recursive on;
|
||||||
|
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
|
# Enable Tailscale
|
||||||
|
services.tailscale.enable = true;
|
||||||
|
|
||||||
# Enable the Unifi controller service
|
# Enable the Unifi controller service
|
||||||
#services.unifi.enable = true;
|
#services.unifi.enable = true;
|
||||||
#services.unifi.unifiPackage = pkgs.unifi8;
|
#services.unifi.unifiPackage = pkgs.unifi8;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue