media-proxy: Use subdomains instead of paths

This should help with isolating the different services.
2023-12-16 11:56:04 +01:00 · 2023-12-16 11:56:04 +01:00 · 47998fddd0
parent 80fcaab244
commit 47998fddd0
1 changed files with 18 additions and 29 deletions
--- a/modules/media-proxy.nix
+++ b/modules/media-proxy.nix
@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 let
-  port = 8888;
  services = {
    "media" = config.sops.secrets.media-proxy-auth.path;
    "media-sb" = config.sops.secrets.media-proxy-auth.path;
@ -24,26 +23,17 @@ in
      enable = true;
      commonHttpConfig = ''
        map $http_referer $media_proxy_referer {
-            ~^http://localhost:8888/ "";
+            ~^http://.*\.localhost/ "";
            default                  $http_referer;
        }
      '';
-      virtualHosts.media-proxy = {
-        serverName = "localhost";
-        listen = [
-          { inherit port; addr = "127.0.0.1"; }
-          { inherit port; addr = "[::1]"; }
-        ];
-        locations = {
-          "/".extraConfig = ''
-            rewrite ^/__nginx-interactive-index-assets__/(.*)$ /media/__nginx-interactive-index-assets__/$1;
-          '';
-        } // lib.mapAttrs'
-          (name: secret: {
-            name = "/${name}/";
-            value = {
+      virtualHosts = lib.mapAttrs'
+        (name: secret: lib.nameValuePair "${name}.localhost" {
+          locations."/" = {
            proxyPass = "https://${name}.sbruder.de/";
            proxyWebsockets = true;
+            # they interfere here, as the host needs to be changed
+            recommendedProxySettings = false;
            extraConfig = ''
              proxy_buffering off;
              include ${secret};
@ -56,5 +46,4 @@ in
        services;
    };
  };
-  };
 }