From f2a984c762e2edac4667c65114f3fb64f43b7e10 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Mon, 24 Feb 2025 10:19:46 +0100 Subject: [PATCH] feat(rustdesk): enable SSL and update proxy configuration Enabled `forceSSL` for the RustDesk nginx configuration to ensure secure connections. Replaced `proxyPass` with detailed `extraConfig` to include necessary headers and support for WebSocket connections. --- systems/x86_64-linux/mx/rustdesk.nix | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/systems/x86_64-linux/mx/rustdesk.nix b/systems/x86_64-linux/mx/rustdesk.nix index b45377e..f09e7f4 100644 --- a/systems/x86_64-linux/mx/rustdesk.nix +++ b/systems/x86_64-linux/mx/rustdesk.nix @@ -11,15 +11,31 @@ services.nginx.virtualHosts."rustdesk.hoyer.world" = { enableACME = false; useACMEHost = "hoyer.world"; - forceSSL = false; + forceSSL = true; locations = { "/ws/id" = { - proxyPass = "http://127.0.0.1:21118"; - proxyWebsockets = true; + extraConfig = '' + proxy_pass http://localhost:21118; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; }; "/ws/relay" = { - proxyPass = "http://127.0.0.1:21119"; - proxyWebsockets = true; + extraConfig = '' + proxy_pass http://localhost:21119; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; }; }; };