Add config files for new ingress-blowhole

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-22 08:04:20 +01:00 · 2023-09-03 18:08:34 +02:00 · 2023-09-03 18:08:34 +02:00 · dfd63ff1f1
parent bdf4915191
commit dfd63ff1f1
4 changed files with 55 additions and 9 deletions
--- a/terranix/containers/ingress-blowhole/hass.conf
+++ b/terranix/containers/ingress-blowhole/hass.conf
@ -0,0 +1,14 @@
+include /local/security.conf;
+
+location / {
+  include /local/headers.conf;
+
+  proxy_http_version 1.1;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+
+  proxy_pass http://home-assistant/;
+
+  # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+  proxy_buffering off;
+}
--- a/terranix/containers/ingress-blowhole/jellyfin.conf
+++ b/terranix/containers/ingress-blowhole/jellyfin.conf
@ -0,0 +1,27 @@
+include /local/security.conf;
+
+client_max_body_size 100M;
+
+location / {
+  # Proxy main Jellyfin traffic
+
+  # The / at the end is significant.
+  # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
+
+  proxy_pass http://jellyfin/;
+
+  proxy_pass_request_headers on;
+
+  proxy_set_header Host $host;
+
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto $scheme;
+  proxy_set_header X-Forwarded-Host $http_host;
+
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+
+  # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+  proxy_buffering off;
+}
--- a/terranix/containers/ingress-blowhole/job.hcl
+++ b/terranix/containers/ingress-blowhole/job.hcl
@ -294,9 +294,17 @@ EOF
      }

      template {
-        data = var.
+        data = var.jellyfin

-        destination   = "local/upstreams.conf"
+        destination   = "local/jellyfin.conf"
+        change_mode   = "signal"
+        change_signal = "SIGHUP"
+      }
+
+      template {
+        data = var.hass
+
+        destination   = "local/hass.conf"
        change_mode   = "signal"
        change_signal = "SIGHUP"
      }
--- a/terranix/containers/ingress-blowhole/upstreams.conf
+++ b/terranix/containers/ingress-blowhole/upstreams.conf
@ -39,7 +39,7 @@ server {

  server_name jellyfin.in.redalder.org;

-  include /local/jellyfin.conf
+  include /local/jellyfin.conf;
 }

 server {
@ -47,7 +47,7 @@ server {

  server_name _;

-  include /local/jellyfin.conf
+  include /local/jellyfin.conf;
 }


@ -70,7 +70,7 @@ server {

  server_name hass.in.redalder.org;

-  include /local/hass.conf
+  include /local/hass.conf;
 }

 server {
@ -80,10 +80,7 @@ server {

  include /local/security.conf;

-  location / {
-    include /local/headers.conf;
-    include /local/hass.conf
-  }
+  include /local/hass.conf;
 }

 server {