jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: added catch all route to reverse proxy that blocks connections on non specified hosts

Browse source
This commit is contained in:
Leyla Becker 2025-10-27 00:53:59 -05:00
parent 81a6588537
commit bb5c94ec2c
1 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

20
modules/nixos-modules/server/reverseProxy/reverseProxy.nix
View file

@ -6,6 +6,11 @@
options.services.reverseProxy = { options.services.reverseProxy = {
enable = lib.mkEnableOption "turn on the reverse proxy"; enable = lib.mkEnableOption "turn on the reverse proxy";
openFirewall = lib.mkEnableOption "open the firewall"; openFirewall = lib.mkEnableOption "open the firewall";
refuseUnmatchedDomains = lib.mkOption {
type = lib.types.bool;
description = "refuse connections for domains that don't match any configured virtual hosts";
default = true;
};
ports = { ports = {
http = lib.mkOption { http = lib.mkOption {
type = lib.types.port; type = lib.types.port;
@ -96,7 +101,20 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = lib.mkMerge ( virtualHosts = lib.mkMerge (
lib.lists.flatten ( (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [
{
"_" = {
default = true;
serverName = "_";
locations."/" = {
extraConfig = ''
return 444;
'';
};
};
}
])
++ lib.lists.flatten (
lib.attrsets.mapAttrsToList ( lib.attrsets.mapAttrsToList (
name: service: let name: service: let
hostConfig = { hostConfig = {