fix(server): remove sslh and enforce direct nginx client IP filtering

Bryan Ramos 2026-04-12 21:23:34 -04:00
parent de3dd664e2
commit b8bd062859


@ -14,7 +14,6 @@ in
privateAllowCidrs = mkOption { privateAllowCidrs = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ default = [
"127.0.0.1/32"
"192.168.0.0/24" "192.168.0.0/24"
"10.8.0.0/24" "10.8.0.0/24"
]; ];
@ -41,25 +40,12 @@ in
}; };
}; };
services.sslh = {
enable = true;
listenAddresses = [ "0.0.0.0" ];
port = 443;
settings = {
protocols = [
{ name = "ssh"; host = "127.0.0.1"; port = "22"; }
{ name = "tls"; host = "127.0.0.1"; port = "4443"; }
];
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
eventsConfig = "worker_connections 4096;"; eventsConfig = "worker_connections 4096;";
defaultSSLListenPort = 4443;
# Catch-all default - friendly error for unknown subdomains # Catch-all default - friendly error for unknown subdomains
virtualHosts."_" = { virtualHosts."_" = {