From 40f02be01c052b05711d3e50c1edfa7b85752489 Mon Sep 17 00:00:00 2001
From: Christine Elisabeth Koppel <kuutruu@posteo.net>
Date: Sat, 14 Feb 2026 00:28:11 +0100
Subject: [PATCH] Revert it.

---
 nix-system-configs/modules/system/traefik.nix | 41 +------------------
 1 file changed, 1 insertion(+), 40 deletions(-)

diff --git a/nix-system-configs/modules/system/traefik.nix b/nix-system-configs/modules/system/traefik.nix
index a53ea75..d66236b 100644
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@@ -212,8 +212,6 @@ in {
             rule = "Host(`git.prg-radio.org`)";
             service = "forgejo";
             entryPoints = ["websecure"];
-            # Ensure upstream receives standard proxy headers
-            middlewares = ["anubis-proxy-headers-forgejo"];
             tls = {};
           };
 
@@ -238,59 +236,23 @@ in {
             rule = "Host(`partdb.prg-radio.org`)";
             service = "partdb";
             entryPoints = ["websecure"];
-            # Ensure upstream receives standard proxy headers
-            middlewares = ["anubis-proxy-headers-partdb"];
             tls = {};
           };
         };
 
-        # Middlewares that inject proxy-style headers (per service)
-        http.middlewares = {
-          anubis-proxy-headers-forgejo = {
-            headers = {
-              customRequestHeaders = {
-                # Indicate original scheme; the TLS termination at Traefik is HTTPS
-                "X-Forwarded-Proto" = "https";
-                # Tell the backend which host the client used
-                "X-Forwarded-Host" = "git.prg-radio.org";
-                # Original destination port
-                "X-Forwarded-Port" = "443";
-                # Common nginx-style proxy headers for parity testing
-                "Host" = "git.prg-radio.org";
-                "X-Real-IP" = "${X-Forwarded-For}"; # placeholder - will be literal if not supported
-                "X-Http-Version" = "HTTP/2";
-              };
-            };
-          };
-
-          anubis-proxy-headers-partdb = {
-            headers = {
-              customRequestHeaders = {
-                "X-Forwarded-Proto" = "https";
-                "X-Forwarded-Host" = "partdb.prg-radio.org";
-                "X-Forwarded-Port" = "443";
-                "Host" = "partdb.prg-radio.org";
-                "X-Real-IP" = "${X-Forwarded-For}"; # placeholder - will be literal if not supported
-                "X-Http-Version" = "HTTP/2";
-              };
-            };
-          };
-        };
-
         http.services = {
           # Anubis service (challenge UI / redirect endpoint)
           anubis.loadBalancer = {
             servers = [
               {url = "http://127.0.0.1:8090";}
             ];
-            passHostHeader = true;
+            #passHostHeader = true;
           };
 
           forgejo.loadBalancer = {
             servers = [
               {url = "http://127.0.0.1:8092";}
             ];
-            passHostHeader = true;
           };
           matrix.loadBalancer = {
             servers = [
@@ -307,7 +269,6 @@ in {
             servers = [
               {url = "http://127.0.0.1:8094";}
             ];
-            passHostHeader = true;
           };
         };