ma deployment/etherpad: set proxy configuration according to recommendations

2020-10-23 21:30:01 +02:00 · 2020-10-23 21:30:01 +02:00 · 6db94f3c07
parent f86d67e9cf
commit 6db94f3c07
1 changed files with 21 additions and 0 deletions
--- a/2configs/deployment/docker/etherpad.euer.krebsco.de.nix
+++ b/2configs/deployment/docker/etherpad.euer.krebsco.de.nix
@ -5,9 +5,30 @@ in {
  #services.nginx.virtualHosts."euer.krebsco.de".serverAliases = [ "etherpad.euer.krebsco.de" ];
  services.nginx.virtualHosts."etherpad.euer.krebsco.de" = {
    # useACMEHost = "euer.krebsco.de";
+    extraConfig = ''
+      ssl_session_timeout  5m;
+    '';
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://localhost:${toString port}";
+    # from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
+    locations."/".extraConfig = ''
+
+        proxy_buffering    off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
+        proxy_set_header   Host $host;
+        proxy_pass_header  Server;
+
+        # Note you might want to pass these headers etc too.
+        proxy_set_header    X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
+        proxy_set_header    X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
+        proxy_set_header    X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
+        proxy_http_version  1.1; # recommended with keepalive connections
+
+        # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html
+        proxy_set_header  Upgrade $http_upgrade;
+        proxy_set_header  Connection "upgrade";
+        proxy_read_timeout 61s;
+    '';
  };
  docker-containers."etherpad-lite" = {
    image = "makefoo/bgt-etherpad:2020-05-02.6";