blob: ea312a35265044c39740afed1fd6a4650ac8af89 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
{ config, pkgs, lib, spacebar-server, rootDomain, ... }:
{
services = {
nginx = {
enable = true;
package = pkgs.nginxMainline;
recommendedProxySettings = true;
recommendedZstdSettings = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
appendConfig = ''
worker_processes 16;
'';
eventsConfig = ''
#use kqueue;
worker_connections 512;
'';
appendHttpConfig = ''
#sendfile on;
disable_symlinks off;
'';
additionalModules = with pkgs.nginxModules; [
moreheaders
];
virtualHosts = {
"${rootDomain}" = {
locations."= /.well-known/spacebarchat/client".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON {
cdn = "cdn.${rootDomain}";
gateway = "gateway.${rootDomain}";
api = "api.${rootDomain}";
}}';
'';
};
"api.${rootDomain}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
extraConfig = ''
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Methods: *';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
more_set_headers 'Access-Control-Allow-Headers: *';
#
# Tell client that this pre-flight info is valid for 20 days
#
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain; charset=utf-8';
more_set_headers 'Content-Length: 0';
return 204;
}
'';
};
};
"cdn.${rootDomain}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3003";
extraConfig = ''
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Methods: *';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
more_set_headers 'Access-Control-Allow-Headers: *';
#
# Tell client that this pre-flight info is valid for 20 days
#
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain; charset=utf-8';
more_set_headers 'Content-Length: 0';
return 204;
}
'';
};
};
"gateway.${rootDomain}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3002";
extraConfig = ''
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Methods: *';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
more_set_headers 'Access-Control-Allow-Headers: *';
#
# Tell client that this pre-flight info is valid for 20 days
#
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain; charset=utf-8';
more_set_headers 'Content-Length: 0';
return 204;
}
'';
};
};
};
};
};
systemd.services.nginx.serviceConfig = {
LimitNOFILE=5000000;
};
system.stateVersion = "22.11"; # DO NOT EDIT!
}
|
