Compare commits
2 commits
3679cfb428
...
ec0afc6085
| Author | SHA1 | Date | |
|---|---|---|---|
ec0afc6085
|
|||
|
c7d46f1c2b
|
7 changed files with 41 additions and 0 deletions
|
|
@ -140,8 +140,20 @@
|
|||
domain = "tlater.net";
|
||||
|
||||
statusPage = true; # For metrics, should be accessible only from localhost
|
||||
|
||||
commonHttpConfig = ''
|
||||
log_format upstream_time '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" '
|
||||
'rt=$request_time uct="$upstream_connect_time" '
|
||||
'uht="$upstream_header_time" urt="$upstream_response_time"';
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules =
|
||||
lib.mapAttrsToList (virtualHost: config: "d /var/log/nginx/${virtualHost} 0750 nginx nginx")
|
||||
config.services.nginx.virtualHosts;
|
||||
|
||||
security.acme = {
|
||||
defaults.email = "tm@tlater.net";
|
||||
acceptTerms = true;
|
||||
|
|
|
|||
|
|
@ -205,6 +205,7 @@ in {
|
|||
addSSL = true;
|
||||
extraConfig = ''
|
||||
merge_slashes off;
|
||||
access_log /var/log/nginx/${domain}/access.log upstream_time;
|
||||
'';
|
||||
|
||||
locations = {
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ in {
|
|||
enableACME = true;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
access_log /var/log/nginx/${domain}/access.log upstream_time;
|
||||
'';
|
||||
|
||||
locations."/" = {
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ in {
|
|||
enableACME = true;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
access_log /var/log/nginx/${domain}/access.log upstream_time;
|
||||
'';
|
||||
|
||||
locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
|
||||
|
|
|
|||
|
|
@ -63,6 +63,27 @@ in {
|
|||
nginxlog = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
group = "nginx";
|
||||
|
||||
settings.namespaces =
|
||||
lib.mapAttrsToList (name: virtualHost: {
|
||||
inherit name;
|
||||
metrics_override.prefix = "nginxlog";
|
||||
namespace_label = "vhost";
|
||||
|
||||
format = lib.concatStringsSep " " [
|
||||
"$remote_addr - $remote_user [$time_local]"
|
||||
''"$request" $status $body_bytes_sent''
|
||||
''"$http_referer" "$http_user_agent"''
|
||||
''rt=$request_time uct="$upstream_connect_time"''
|
||||
''uht="$upstream_header_time" urt="$upstream_response_time"''
|
||||
];
|
||||
|
||||
source.files = [
|
||||
"/var/log/nginx/${name}/access.log"
|
||||
];
|
||||
})
|
||||
config.services.nginx.virtualHosts;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -116,6 +137,7 @@ in {
|
|||
enableACME = true;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
access_log /var/log/nginx/${domain}/access.log upstream_time;
|
||||
'';
|
||||
locations."/".proxyPass = "http://localhost:3001";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -50,6 +50,9 @@ in {
|
|||
services.nginx.virtualHosts."${hostName}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
access_log /var/log/nginx/${hostName}/access.log upstream_time;
|
||||
'';
|
||||
};
|
||||
|
||||
# Block repeated failed login attempts
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ in {
|
|||
enableACME = true;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
access_log /var/log/nginx/${domain}/access.log upstream_time;
|
||||
'';
|
||||
|
||||
locations."/".proxyPass = "http://${addr}:${toString port}";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue