felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-12-10 04:27:14 +01:00
Code Issues Projects Releases Wiki Activity

treewide: nginx optimizations

Browse Source
This commit is contained in:
h7x4
2024-04-10 22:01:19 +02:00
parent e22c7d5b4d
commit 065992620e
14 changed files with 42 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/bekkalokk/services/gitea/default.nix
View File

@@ -59,9 +59,9 @@ in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
kTLS = true;
locations."/" = {
proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 512M;
'';

1
hosts/bekkalokk/services/idp-simplesamlphp/default.nix
View File

@@ -180,6 +180,7 @@ in
services.nginx.virtualHosts."idp2.pvv.ntnu.no" = {
forceSSL = true;
enableACME = true;
kTLS = true;
root = "${package}/share/php/simplesamlphp/public";
locations = {
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx

1
hosts/bekkalokk/services/mediawiki/default.nix
View File

@@ -152,6 +152,7 @@ in {
users.groups.mediawiki.members = [ "nginx" ];
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = {
kTLS = true;
forceSSL = true;
enableACME = true;
locations = {

16
hosts/bekkalokk/services/nginx/default.nix
View File

@@ -4,19 +4,5 @@
./ingress.nix
];
security.acme = {
acceptTerms = true;
defaults.email = "drift@pvv.ntnu.no";
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.enable = true;
}

1
hosts/bekkalokk/services/nginx/ingress.nix
View File

@@ -5,6 +5,7 @@
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
addSSL = true;
enableACME = true;
kTLS = true;
locations = {
# Proxy home directories

2
hosts/bekkalokk/services/webmail/default.nix
View File

@@ -7,7 +7,7 @@
services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = {
forceSSL = true;
enableACME = true;
#locations."/" = lib.mkForce { };
kTLS = true;
locations."= /" = {
return = "301 https://www.pvv.ntnu.no/mail/";
};

1
hosts/bekkalokk/services/webmail/roundcube.nix
View File

@@ -35,6 +35,7 @@ in
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
services.nginx.virtualHosts.${domain} = {
kTLS = true;
locations."/roundcube" = {
tryFiles = "$uri $uri/ =404";
index = "index.php";