37 lines
No EOL
660 B
Nix
37 lines
No EOL
660 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
security.acme.defaults.email = "porject-a@project-a.space";
|
|
security.acme.acceptTerms = true;
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
defaultSSLListenPort = 444;
|
|
|
|
streamConfig = ''
|
|
map $ssl_preread_server_name $name {
|
|
default marzban;
|
|
}
|
|
|
|
upstream git {
|
|
server 127.0.0.1:444;
|
|
}
|
|
|
|
upstream marzban {
|
|
server 127.0.0.1:1080;
|
|
}
|
|
|
|
server {
|
|
listen 0.0.0.0:443;
|
|
listen [::0]:443;
|
|
proxy_pass $name;
|
|
ssl_preread on;
|
|
proxy_connect_timeout 1s;
|
|
proxy_timeout 1h;
|
|
proxy_buffer_size 16k;
|
|
}
|
|
'';
|
|
};
|
|
} |