chore: switch back to frp since haproxy was causing a lot of issues

2025-12-04 23:00:14 +01:00 · 2025-06-03 21:00:03 +02:00 · 2025-06-03 21:00:03 +02:00 · 90bf2a8891
commit 90bf2a8891
parent c07d0c5f9b
1 changed files with 20 additions and 39 deletions
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -37,41 +37,35 @@
    recommendedProxySettings = true;
    clientMaxBodySize = lib.mkDefault "10G";
-    defaultListen =
+    #defaultListen =
-      let
+    #  let
-        listen = [
+    #    listen = [
-          {
+    #      {
-            addr = "[::]";
+    #        addr = "[::]";
-            port = 80;
+    #        port = 80;
-            extraParameters = [ "proxy_protocol" ];
+    #        extraParameters = [ "proxy_protocol" ];
-          }
+    #      }
-          {
+    #      {
-            addr = "[::]";
+    #        addr = "[::]";
-            port = 443;
+    #        port = 443;
-            ssl = true;
+    #        ssl = true;
-            extraParameters = [ "proxy_protocol" ];
+    #        extraParameters = [ "proxy_protocol" ];
-          }
+    #      }
-        ];
+    #    ];
-      in
+    #  in
-      map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
+    #  map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
    # Hardened TLS and HSTS preloading
    appendHttpConfig = ''
      # Proxying
      # real_ip_header proxy_protocol;
      server {
        listen 80   proxy_protocol;
        listen 443  ssl proxy_protocol;
        # set_real_ip_from 10.7.0.0/24;
      }
      ssl_certificate /var/lib/acme/quack.social/cert.pem;
      ssl_certificate_key /var/lib/acme/quack.social/key.pem;
-      proxy_set_header Host            $host;
+      # proxy_set_header Host            $host;
-      proxy_set_header X-Real-IP       $proxy_protocol_addr;
+      # proxy_set_header X-Real-IP       $proxy_protocol_addr;
-      proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+      # proxy_set_header X-Forwarded-For $proxy_protocol_addr;
      # Add HSTS header with preloading to HTTPS requests.
      # Do not add HSTS header to HTTP requests.
@ -98,19 +92,6 @@
      add_header pronouns "any but neopronouns";
      add_header locale "[en_US, nl_NL]";
    '';
    appendConfig = ''
      # https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
      # set_real_ip_from 213.210.34.27;
      # real_ip_header proxy_protocol;
      # proxy_set_header Host               $host;
      # proxy_set_header X-Real-IP          $proxy_protocol_addr;
      # proxy_set_header X-Forwarded-For    $proxy_protocol_addr;
      # proxy_set_header X-Forwarded-Proto  $scheme;
      # proxy_set_header X-Forwarded-Host   $host;
      # proxy_set_header X-Forwarded-Server $host;
    '';
  };
  networking.firewall = {
    allowedTCPPorts = [