49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
{ ... }:
|
|
{
|
|
services.nginx.upstreams.radicale = {
|
|
servers = {
|
|
"10.89.88.12:5232" = { };
|
|
"[fd31:185d:722f::12]:5232" = { };
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."dav.oxapentane.com" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/oauth2/" = {
|
|
proxyPass = "http://10.89.88.11:4180/";
|
|
extraConfig = ''
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
|
|
'';
|
|
};
|
|
locations."/oauth2/auth" = {
|
|
proxyPass = "http://10.89.88.11:4180";
|
|
extraConfig = ''
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Uri $request_uri;
|
|
proxy_set_header Content-Length "";
|
|
proxy_pass_request_body off;
|
|
'';
|
|
};
|
|
locations."/" = {
|
|
proxyPass = "http://radicale/";
|
|
extraConfig = ''
|
|
auth_request /oauth2/auth;
|
|
error_page 401 =403 /oauth2/sign_in;
|
|
|
|
auth_request_set $user $upstream_http_x_auth_request_user;
|
|
|
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
|
# add_header Set-Cookie $auth_cookie;
|
|
|
|
proxy_set_header X-Remote-User $user;
|
|
proxy_set_header X-User $user;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
'';
|
|
};
|
|
};
|
|
}
|