palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add error pages to nginx

Browse source
This commit is contained in:
Ingolf Wagner 2020-03-15 22:52:02 +08:00
parent 6bcbb04045
commit 94a9b85a22
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
3 changed files with 81 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

122
configs/sputnik/nginx.nix
View file

@ -1,4 +1,32 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }:
let
errorPages = pkgs.fetchgit {
url = "https://git.ingolf-wagner.de/palo/http-errors.git";
rev = "66948c13b9bbe5f3fe7a5146eceb76b97c436069";
sha256 = "0qkw7nb883fna0qgvhky20c3dagxph56aiy2rrf359w7lxch1k1h";
};
error = {
extraConfig = ''
error_page 400 /errors/400.html;
error_page 401 /errors/401.html;
error_page 402 /errors/402.html;
error_page 403 /errors/403.html;
error_page 404 /errors/404.html;
error_page 405 /errors/405.html;
error_page 406 /errors/406.html;
error_page 500 /errors/500.html;
error_page 501 /errors/501.html;
error_page 502 /errors/502.html;
error_page 503 /errors/503.html;
error_page 504 /errors/504.html;
'';
locations."^~ /errors/" = {
extraConfig = "internal;";
root = "${errorPages}/";
};
};
in {
networking.firewall.allowedTCPPorts = [ 80 443 4443 ]; networking.firewall.allowedTCPPorts = [ 80 443 4443 ];
networking.firewall.allowedUDPPorts = [ 80 443 4443 ]; networking.firewall.allowedUDPPorts = [ 80 443 4443 ];
@ -23,7 +51,11 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://workhorse.private:3000"; }; extraConfig = error.extraConfig;
locations = {
"/" = { proxyPass = "http://workhorse.private:3000"; };
} // error.locations;
}; };
"paste.ingolf-wagner.de" = { "paste.ingolf-wagner.de" = {
@ -41,22 +73,12 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://workhorse.private:8000"; }; extraConfig = error.extraConfig;
locations = {
"/" = { proxyPass = "http://workhorse.private:8000"; };
} // error.locations;
}; };
#"landing.ingolf-wagner.de" = {
# default = true;
# listen = [
# { addr = "0.0.0.0"; port = 4443; ssl = true; }
# { addr = "0.0.0.0"; port = 80; ssl = false; }
# ];
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# root = "/srv/www/ingolf-wagner.de";
# };
#};
"travel.ingolf-wagner.de" = { "travel.ingolf-wagner.de" = {
listen = [ listen = [
{ {
@ -72,14 +94,17 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { extraConfig = error.extraConfig;
root = "/srv/www/travel"; locations = {
extraConfig = '' "/" = {
if (-d $request_filename) { root = "/srv/www/travel";
rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; extraConfig = ''
} if (-d $request_filename) {
''; rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
}; }
'';
};
} // error.locations;
}; };
"tech.ingolf-wagner.de" = { "tech.ingolf-wagner.de" = {
@ -97,14 +122,17 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { extraConfig = error.extraConfig;
root = "/srv/www/tech"; locations = {
extraConfig = '' "/" = {
if (-d $request_filename) { root = "/srv/www/tech";
rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; extraConfig = ''
} if (-d $request_filename) {
''; rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
}; }
'';
};
} // error.locations;
}; };
"terranix.org" = { "terranix.org" = {
@ -122,14 +150,17 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { extraConfig = error.extraConfig;
root = "/srv/www/terranix"; locations = {
extraConfig = '' "/" = {
if (-d $request_filename) { root = "/srv/www/terranix";
rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; extraConfig = ''
} if (-d $request_filename) {
''; rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
}; }
'';
};
} // error.locations;
}; };
"chat.ingolf-wagner.de" = { "chat.ingolf-wagner.de" = {
@ -147,6 +178,7 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://chat.workhorse.private"; proxyPass = "http://chat.workhorse.private";
@ -156,7 +188,7 @@
sub_filter "chat.workhorse.private" "chat.ingolf-wagner.de"; sub_filter "chat.workhorse.private" "chat.ingolf-wagner.de";
''; '';
}; };
}; } // error.locations;
}; };
"nextcloud.ingolf-wagner.de" = { "nextcloud.ingolf-wagner.de" = {
@ -174,6 +206,7 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://nextcloud.workhorse.private"; proxyPass = "http://nextcloud.workhorse.private";
@ -193,7 +226,7 @@
extraConfig = "return 301 $scheme://$host/remote.php/dav;"; extraConfig = "return 301 $scheme://$host/remote.php/dav;";
}; };
}; } // error.locations;
}; };
"gaykraft.com" = { "gaykraft.com" = {
@ -211,7 +244,10 @@
]; ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { root = "/srv/www/gaykraft"; }; extraConfig = error.extraConfig;
locations = {
"/" = { root = "/srv/www/gaykraft"; };
} // error.locations;
}; };
}; };

1
pkgs/navi/default.nix
View file

@ -26,7 +26,6 @@ rustPlatform.buildRustPackage rec {
''; '';
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "An interactive cheatsheet tool for the command-line"; description = "An interactive cheatsheet tool for the command-line";
homepage = "https://github.com/denisidoro/navi"; homepage = "https://github.com/denisidoro/navi";

4
system/all/nginx.nix
View file

@ -12,8 +12,8 @@ in {
recommendedProxySettings = lib.mkDefault true; recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true; recommendedTlsSettings = lib.mkDefault true;
# for graylog logging
commonHttpConfig = '' commonHttpConfig = ''
# for graylog logging
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"facility": "nginx", ' '"facility": "nginx", '
'"src_addr": "$remote_addr", ' '"src_addr": "$remote_addr", '
@ -28,9 +28,9 @@ in {
'"http_x_forwarded_for": "$http_x_forwarded_for",' '"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", ' '"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }'; '"http_user_agent": "$http_user_agent" }';
access_log syslog:server=${access_log_sink} graylog2_json; access_log syslog:server=${access_log_sink} graylog2_json;
error_log syslog:server=${error_log_sink}; error_log syslog:server=${error_log_sink};
''; '';
}; };