authorFranck Cuny <franck@fcuny.net>2025-08-30 09:41:46 -0700
committerFranck Cuny <franck@fcuny.net>2025-08-30 09:44:03 -0700
commite8ab0124ddbe8ae3aaa02dca6c05cfa2d2140053 (patch)
treeeb28f31b7afb5a80e927e3a7c6d89d6b13c617b1 /machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
parentuse eza in eshell (diff)
switch to nginx
For some reason, I can't get compression to work with Caddy, and I don't get much benefit from it in the first place anyway.
Diffstat (limited to 'machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix')
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix73
1 files changed, 73 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
new file mode 100644
index 0000000..fc273b7
--- /dev/null
+++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
@@ -0,0 +1,73 @@
+{ config, ... }:
+{
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "franck@fcuny.net";
+ certs = {
+ "code.fcuny.net" = {
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1";
+ reloadServices = [ "nginx.service" ];
+ credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
+ };
+ "go.fcuny.net" = {
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1";
+ reloadServices = [ "nginx.service" ];
+ credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
+ };
+ "id.fcuny.net" = {
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1";
+ reloadServices = [ "nginx.service" ];
+ credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "code.fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.100.0.40:3000";
+ };
+ locations."/metrics" = {
+ proxyPass = "http://10.100.0.40:3000/metrics";
+ extraConfig = ''
+ deny all;
+ access_log off;
+ '';
+ };
+ };
+ "go.fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.100.0.40:8070";
+ };
+ };
+ "id.fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.100.0.40:8080";
+ };
+ };
+ };
+ };
+}
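Review bot: Only the `code.fcuny.net` vhost blocks `/metrics`; `go.fcuny.net` and `id.fcuny.net` proxy every path under `/` to 10.100.0.40, so if those backends serve a metrics or admin endpoint (not visible here) it is reachable from the internet. If they do, repeat the block on those vhosts, e.g. `locations."/metrics".extraConfig = "deny all;";`. In the existing `/metrics` location the `proxyPass` is never reached, because `deny all;` rejects every client first, so that line can be dropped. Separately, `recommendedGzipSettings = true;` applies to all three TLS vhosts; for `id.fcuny.net`, which by its name presumably serves authentication pages, it is worth confirming that responses do not combine secrets with reflected request data, since compressing such HTTPS responses is the precondition for BREACH-style leaks.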