media-proxy: Use subdomains instead of paths

This should help with isolating the different services.
2023-12-16 11:56:04 +01:00 · 2023-12-16 11:56:04 +01:00 · 47998fddd0
parent 80fcaab244
commit 47998fddd0
1 changed files with 18 additions and 29 deletions
--- a/modules/media-proxy.nix
+++ b/modules/media-proxy.nix
@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 let
  port = 8888;
  services = {
    "media" = config.sops.secrets.media-proxy-auth.path;
    "media-sb" = config.sops.secrets.media-proxy-auth.path;
@ -24,37 +23,27 @@ in
      enable = true;
      commonHttpConfig = ''
        map $http_referer $media_proxy_referer {
-            ~^http://localhost:8888/ "";
+            ~^http://.*\.localhost/ "";
            default                  $http_referer;
        }
      '';
-      virtualHosts.media-proxy = {
+      virtualHosts = lib.mapAttrs'
-        serverName = "localhost";
+        (name: secret: lib.nameValuePair "${name}.localhost" {
-        listen = [
+          locations."/" = {
-          { inherit port; addr = "127.0.0.1"; }
+            proxyPass = "https://${name}.sbruder.de/";
-          { inherit port; addr = "[::1]"; }
+            proxyWebsockets = true;
-        ];
+            # they interfere here, as the host needs to be changed
-        locations = {
+            recommendedProxySettings = false;
-          "/".extraConfig = ''
+            extraConfig = ''
-            rewrite ^/__nginx-interactive-index-assets__/(.*)$ /media/__nginx-interactive-index-assets__/$1;
+              proxy_buffering off;
-          '';
+              include ${secret};
-        } // lib.mapAttrs'
+              charset utf-8;
-          (name: secret: {
+              proxy_set_header Referer $media_proxy_referer;
-            name = "/${name}/";
+              proxy_set_header Origin $media_proxy_referer;
-            value = {
+            '';
-              proxyPass = "https://${name}.sbruder.de/";
+          };
-              proxyWebsockets = true;
+        })
-              extraConfig = ''
+        services;
                proxy_buffering off;
                include ${secret};
                charset utf-8;
                proxy_set_header Referer $media_proxy_referer;
                proxy_set_header Origin $media_proxy_referer;
              '';
            };
          })
          services;
      };
    };
  };
 }