root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Try to investigate excessive soul weighing.

Browse source
This commit is contained in:
Root User 2026-02-14 00:26:41 +01:00
parent 3c19a950a7
commit 7b8600e5ec
Signed by: root
GPG key ID: 087F0A95E5766D72
1 changed files with 40 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

41
nix-system-configs/modules/system/traefik.nix
View file

@ -212,6 +212,8 @@ in {
rule = "Host(`git.prg-radio.org`)"; rule = "Host(`git.prg-radio.org`)";
service = "forgejo"; service = "forgejo";
entryPoints = ["websecure"]; entryPoints = ["websecure"];
# Ensure upstream receives standard proxy headers
middlewares = ["anubis-proxy-headers-forgejo"];
tls = {}; tls = {};
}; };
@ -236,23 +238,59 @@ in {
rule = "Host(`partdb.prg-radio.org`)"; rule = "Host(`partdb.prg-radio.org`)";
service = "partdb"; service = "partdb";
entryPoints = ["websecure"]; entryPoints = ["websecure"];
# Ensure upstream receives standard proxy headers
middlewares = ["anubis-proxy-headers-partdb"];
tls = {}; tls = {};
}; };
}; };
# Middlewares that inject proxy-style headers (per service)
http.middlewares = {
anubis-proxy-headers-forgejo = {
headers = {
customRequestHeaders = {
# Indicate original scheme; the TLS termination at Traefik is HTTPS
"X-Forwarded-Proto" = "https";
# Tell the backend which host the client used
"X-Forwarded-Host" = "git.prg-radio.org";
# Original destination port
"X-Forwarded-Port" = "443";
# Common nginx-style proxy headers for parity testing
"Host" = "git.prg-radio.org";
"X-Real-IP" = "${X-Forwarded-For}"; # placeholder - will be literal if not supported
"X-Http-Version" = "HTTP/2";
};
};
};
anubis-proxy-headers-partdb = {
headers = {
customRequestHeaders = {
"X-Forwarded-Proto" = "https";
"X-Forwarded-Host" = "partdb.prg-radio.org";
"X-Forwarded-Port" = "443";
"Host" = "partdb.prg-radio.org";
"X-Real-IP" = "${X-Forwarded-For}"; # placeholder - will be literal if not supported
"X-Http-Version" = "HTTP/2";
};
};
};
};
http.services = { http.services = {
# Anubis service (challenge UI / redirect endpoint) # Anubis service (challenge UI / redirect endpoint)
anubis.loadBalancer = { anubis.loadBalancer = {
servers = [ servers = [
{url = "http://127.0.0.1:8090";} {url = "http://127.0.0.1:8090";}
]; ];
#passHostHeader = true; passHostHeader = true;
}; };
forgejo.loadBalancer = { forgejo.loadBalancer = {
servers = [ servers = [
{url = "http://127.0.0.1:8092";} {url = "http://127.0.0.1:8092";}
]; ];
passHostHeader = true;
}; };
matrix.loadBalancer = { matrix.loadBalancer = {
servers = [ servers = [
@ -269,6 +307,7 @@ in {
servers = [ servers = [
{url = "http://127.0.0.1:8094";} {url = "http://127.0.0.1:8094";}
]; ];
passHostHeader = true;
}; };
}; };