nginx: moved all reverse proxy configurations to nginx

This commit is contained in:
Tigor Hutasuhut 2024-11-24 20:46:15 +07:00
parent 4539c5df73
commit 437fd67d9b
7 changed files with 80 additions and 0 deletions

View file

@ -16,6 +16,20 @@ in
chmod -R 0777 /nas/mediaserver chmod -R 0777 /nas/mediaserver
''; '';
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations = {
"= /metrics" = {
return = "403";
};
"/" = {
proxyPass = "http://0.0.0.0:8096";
proxyWebsockets = true;
};
};
};
services.caddy.virtualHosts.${domain}.extraConfig = '' services.caddy.virtualHosts.${domain}.extraConfig = ''
@public not remote_ip private_ranges @public not remote_ip private_ranges
@ -44,6 +58,15 @@ in
reverse_proxy 0.0.0.0:5055 reverse_proxy 0.0.0.0:5055
''; '';
}; };
services.nginx.virtualHosts.${domain-jellyseerr} = mkIf cfg.jellyseerr.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://0.0.0.0:5055";
proxyWebsockets = true;
};
};
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
inherit dataDir; inherit dataDir;

View file

@ -23,6 +23,17 @@ in
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = '' services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port} reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port}
''; '';
services.nginx.virtualHosts."kavita.tigor.web.id" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:${toString config.services.kavita.settings.Port}";
proxyWebsockets = true;
};
};
};
services.kavita = { services.kavita = {
enable = true; enable = true;
tokenKeyFile = config.sops.secrets."kavita/token".path; tokenKeyFile = config.sops.secrets."kavita/token".path;

View file

@ -10,6 +10,17 @@ in
reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port} reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
''; '';
services.nginx.virtualHosts."navidrome.tigor.web.id" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:${toString config.services.navidrome.settings.Port}";
proxyWebsockets = true;
};
};
};
users.groups.navidrome.members = [ user.name ]; users.groups.navidrome.members = [ user.name ];
users.groups.${user.name}.members = [ "navidrome" ]; users.groups.${user.name}.members = [ "navidrome" ];

View file

@ -26,6 +26,7 @@ in
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedZstdSettings = true; recommendedZstdSettings = true;
recommendedBrotliSettings = true; recommendedBrotliSettings = true;
enableReload = true;
}; };
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];

View file

@ -18,6 +18,17 @@ lib.mkMerge [
reverse_proxy ${listenAddress} reverse_proxy ${listenAddress}
''; '';
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:15150";
proxyWebsockets = true;
};
};
};
services.ntfy-sh = { services.ntfy-sh = {
enable = true; enable = true;
settings = settings =

View file

@ -20,6 +20,18 @@ in
services.caddy.virtualHosts.${domain}.extraConfig = '' services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.photoprism.port} reverse_proxy 0.0.0.0:${toString config.services.photoprism.port}
''; '';
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:${toString config.services.photoprism.port}";
proxyWebsockets = true;
};
};
};
sops.secrets."photoprism/admin_password" = { sops.secrets."photoprism/admin_password" = {
sopsFile = ../../secrets/photoprism.yaml; sopsFile = ../../secrets/photoprism.yaml;
}; };

View file

@ -16,6 +16,17 @@ in
services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = '' services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:8384 reverse_proxy 0.0.0.0:8384
''; '';
services.nginx.virtualHosts."syncthing.tigor.web.id" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:8384";
proxyWebsockets = true;
};
};
};
sops.secrets = sops.secrets =
let let
opts = { opts = {