diff options
Diffstat (limited to 'config/services')
| -rw-r--r-- | config/services/mesh/default.nix | 3 | ||||
| -rw-r--r-- | config/services/web/default.nix | 29 | ||||
| -rw-r--r-- | config/services/web/searx/default.nix | 3 |
3 files changed, 2 insertions, 33 deletions
diff --git a/config/services/mesh/default.nix b/config/services/mesh/default.nix index 445c262..168f7db 100644 --- a/config/services/mesh/default.nix +++ b/config/services/mesh/default.nix @@ -40,9 +40,6 @@ in proxy_set_header Host $server_name; proxy_redirect http:// https://; proxy_buffering off; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; ''; }; diff --git a/config/services/web/default.nix b/config/services/web/default.nix index 920d1e7..f6d51db 100644 --- a/config/services/web/default.nix +++ b/config/services/web/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ ... }: { imports = [ @@ -13,31 +13,6 @@ defaults.email = "quentin@aristote.fr"; }; - services.nginx = { - enable = true; - additionalModules = [ pkgs.nginxModules.brotli ]; - # return 444 when trying to connect directly through the IP address - virtualHosts."_" = { - default = true; - extraConfig = '' - return 444; - ''; - }; - appendHttpConfig = '' - types_hash_bucket_size 128; - access_log /dev/null; - - # compression - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; - brotli on; - brotli_comp_level 6; - brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap; - ''; - }; - + services.nginx.enable = true; systemd.services.nginx.personal.monitor = true; } diff --git a/config/services/web/searx/default.nix b/config/services/web/searx/default.nix index da4cf88..46afcd8 100644 --- a/config/services/web/searx/default.nix +++ b/config/services/web/searx/default.nix @@ -22,10 +22,7 @@ in "/" = { proxyPass = "http://${cfg.filtron.listen.address}:${toString cfg.filtron.listen.port}"; extraConfig = '' - proxy_set_header Host $host; proxy_set_header Connection $http_connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; # proxy_set_header X-Script-Name /; ''; |