2023-06-06 21:38:53 +02:00
|
|
|
{ config, lib, ... }:
|
2024-02-02 13:45:05 +01:00
|
|
|
let
|
|
|
|
|
cfg = config.services.az-nginx-proxy;
|
|
|
|
|
in
|
|
|
|
|
{
|
2023-06-06 21:38:53 +02:00
|
|
|
options = {
|
|
|
|
|
services.az-nginx-proxy = {
|
|
|
|
|
enable = lib.mkEnableOption "Enable Nginx proxy, mainly to provide SSL.";
|
|
|
|
|
domain = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "The domain the service is being run from.";
|
|
|
|
|
};
|
|
|
|
|
port = lib.mkOption {
|
|
|
|
|
type = lib.types.number;
|
|
|
|
|
description = "The port FPM listens on.";
|
|
|
|
|
default = 8080;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
services = {
|
|
|
|
|
az-acme-base.enable = true;
|
|
|
|
|
nginx = {
|
|
|
|
|
appendHttpConfig = ''
|
|
|
|
|
# Disable embedding as a frame
|
|
|
|
|
add_header X-Frame-Options DENY;
|
|
|
|
|
'';
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
virtualHosts."${cfg.domain}" = {
|
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
|
|
|
|
proxyWebsockets = true; # needed if you need to use WebSocket
|
|
|
|
|
};
|
2023-06-05 15:58:28 +02:00
|
|
|
};
|
2022-09-12 18:13:05 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
