Add nginx, with basic config for pihole.

This probably should be reworked so it has a better structure, but this will work for a first pass.
2024-07-21 21:19:41 +00:00 · 2024-07-21 21:19:41 +00:00 · 4b2058091b
parent a818c22412
commit 4b2058091b
1 changed files with 55 additions and 2 deletions
--- a/quinn/etc/nixos/configuration.nix
+++ b/quinn/etc/nixos/configuration.nix
@ -79,6 +79,7 @@
    htop
    #mongodb
    neovim
+    nginx
    python3
    tmux
    #unifi8
@ -107,12 +108,64 @@

  # List services that you want to enable:

-  # Enable Tailscale
-  services.tailscale.enable = true;
+  services.nginx = {
+    enable = true;
+    virtualHosts."pihole.quinn.local" = {
+      addSSL = false;
+      enableACME = false;
+      locations."/".extraConfig = ''
+        proxy_pass http://127.0.0.1:10000;
+	client_body_buffer_size 128k;
+        client_max_body_size 10G;
+
+        #Timeout if the real server is dead
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+        # Advanced Proxy Config
+        send_timeout 5m;
+        proxy_read_timeout 360;
+        proxy_send_timeout 360;
+        proxy_connect_timeout 360;
+        proxy_headers_hash_max_size 512;
+        proxy_headers_hash_bucket_size 128;
+
+        # Basic Proxy Config
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Uri $request_uri;
+        proxy_set_header X-Forwarded-Ssl on;
+        proxy_set_header X-Scheme $scheme;
+        proxy_http_version 1.1;
+        # proxy_set_header Connection "";
+        proxy_cache_bypass $cookie_session;
+        proxy_no_cache $cookie_session;
+        proxy_buffers 64 256k;
+        proxy_buffer_size 128k;
+        proxy_busy_buffers_size 256k;
+
+        # If behind reverse proxy, forwards the correct IP
+        set_real_ip_from 10.0.0.0/8;
+        set_real_ip_from 172.16.0.0/12;
+        set_real_ip_from 192.168.0.0/16;
+        set_real_ip_from fc00::/7;
+        real_ip_header X-Forwarded-For;
+        real_ip_recursive on;
+
+      '';
+    };
+  };
+

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

+  # Enable Tailscale
+  services.tailscale.enable = true;
+
  # Enable the Unifi controller service
  #services.unifi.enable = true;
  #services.unifi.unifiPackage = pkgs.unifi8;