diff options
Diffstat (limited to 'host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix')
| -rwxr-xr-x | host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix b/host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix new file mode 100755 index 0000000..ea312a3 --- /dev/null +++ b/host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix @@ -0,0 +1,114 @@ +{ config, pkgs, lib, spacebar-server, rootDomain, ... }: + +{ + services = { + nginx = { + enable = true; + package = pkgs.nginxMainline; + recommendedProxySettings = true; + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedBrotliSettings = true; + recommendedOptimisation = true; + appendConfig = '' + worker_processes 16; + ''; + eventsConfig = '' + #use kqueue; + worker_connections 512; + ''; + appendHttpConfig = '' + #sendfile on; + disable_symlinks off; + ''; + additionalModules = with pkgs.nginxModules; [ + moreheaders + ]; + virtualHosts = { + "${rootDomain}" = { + locations."= /.well-known/spacebarchat/client".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + cdn = "cdn.${rootDomain}"; + gateway = "gateway.${rootDomain}"; + api = "api.${rootDomain}"; + }}'; + ''; + }; + "api.${rootDomain}" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3001"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; + }; + }; + "cdn.${rootDomain}" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3003"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; + }; + }; + "gateway.${rootDomain}" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3002"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; + }; + }; + }; + }; + }; + + systemd.services.nginx.serviceConfig = { + LimitNOFILE=5000000; + }; + + system.stateVersion = "22.11"; # DO NOT EDIT! +} |