mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-22 08:04:20 +01:00
Try to get some services to semi wan
Signed-off-by: Magic_RB <magic_rb@redalder.org>
This commit is contained in:
Magic_RB
parent
9b371b8662
commit
0c4f7b971f
|
|
@ -12,6 +12,8 @@ in
|
|||
flake_sha = vars.flake_sha;
|
||||
store_path = config'.flake.nixngConfigurations.ingressBlowhole.config.system.build.toplevel;
|
||||
upstreams = "\${file(\"${./upstreams.conf}\")}";
|
||||
jellyfin = "\${file(\"${./jellyfin.conf}\")}";
|
||||
hass = "\${file(\"${./hass.conf}\")}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,14 @@ variable "upstreams" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "jellyfin" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "hass" {
|
||||
type = string
|
||||
}
|
||||
|
||||
job "ingress" {
|
||||
datacenters = [ "homelab-1" ]
|
||||
type = "service"
|
||||
|
|
@ -29,9 +37,15 @@ job "ingress" {
|
|||
network {
|
||||
mode = "bridge"
|
||||
|
||||
port "http-paccess" {
|
||||
static = 80
|
||||
to = 81
|
||||
port "http-jellyfin" {
|
||||
static = 8096
|
||||
to = 8096
|
||||
host_network = "wan"
|
||||
}
|
||||
|
||||
port "http-hass" {
|
||||
static = 8086
|
||||
to = 8086
|
||||
host_network = "wan"
|
||||
}
|
||||
|
||||
|
|
@ -279,6 +293,14 @@ EOF
|
|||
change_signal = "SIGHUP"
|
||||
}
|
||||
|
||||
template {
|
||||
data = var.
|
||||
|
||||
destination = "local/upstreams.conf"
|
||||
change_mode = "signal"
|
||||
change_signal = "SIGHUP"
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<EOF
|
||||
upstream dovecot-imap {
|
||||
|
|
|
|||
|
|
@ -36,39 +36,21 @@ upstream matrix-mautrix-facebook {
|
|||
|
||||
server {
|
||||
listen 80;
|
||||
listen 81;
|
||||
|
||||
server_name jellyfin.in.redalder.org;
|
||||
|
||||
include /local/security.conf;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
location / {
|
||||
# Proxy main Jellyfin traffic
|
||||
|
||||
# The / at the end is significant.
|
||||
# https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
|
||||
|
||||
proxy_pass http://jellyfin/;
|
||||
|
||||
proxy_pass_request_headers on;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
|
||||
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
|
||||
proxy_buffering off;
|
||||
}
|
||||
include /local/jellyfin.conf
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8096;
|
||||
|
||||
server_name _;
|
||||
|
||||
include /local/jellyfin.conf
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
|
|
@ -85,23 +67,22 @@ server {
|
|||
|
||||
server {
|
||||
listen 80;
|
||||
listen 81;
|
||||
|
||||
server_name hass.in.redalder.org;
|
||||
|
||||
include /local/hass.conf
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8086;
|
||||
|
||||
server_name _;
|
||||
|
||||
include /local/security.conf;
|
||||
|
||||
location / {
|
||||
include /local/headers.conf;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_pass http://home-assistant/;
|
||||
|
||||
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
|
||||
proxy_buffering off;
|
||||
include /local/hass.conf
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue