Harald Hoyer
7e283d9266
Added Syncthing support with proxy and SSL in nginx and updated ACME certs configuration. Adjusted Syncthing GUI to bind to localhost for improved security.
45 lines
1.2 KiB
Nix
45 lines
1.2 KiB
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
{
|
|
users.users.nginx.extraGroups = [ "acme" ];
|
|
services.nginx = {
|
|
enable = true;
|
|
clientMaxBodySize = "1000M";
|
|
appendHttpConfig = ''
|
|
log_format vcombined '$host:$server_port '
|
|
'$remote_addr - $remote_user [$time_local] '
|
|
'"$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent"';
|
|
access_log /var/log/nginx/access.log vcombined;
|
|
'';
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
virtualHosts = {
|
|
"openwebui.hoyer.world" = {
|
|
enableACME = false;
|
|
useACMEHost = "openwebui.hoyer.world";
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.open-webui.port}";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
"syncthing.hoyer.world" = {
|
|
enableACME = false;
|
|
useACMEHost = "syncthing.hoyer.world";
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8384";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|