# NixOS module: serves the trainsearch frontend on oeffi.ctu.cx and exposes an
# allowlisted pass-through proxy under the same virtual host, so the frontend
# can reach a fixed set of public-transport APIs through this server.
{ config, pkgs, lib, ... }:
{
# Point oeffi.ctu.cx at this machine's FQDN via a CNAME record.
# (dns.zones is not defined in this file; presumably a project-local option.)
dns.zones."ctu.cx".subdomains.oeffi.CNAME = [ "${config.networking.fqdn}." ];
services.nginx = {
enable = true;
# Upstream allowlist, placed in the http{} context. $phost is the named
# capture from the proxy location regex below; $host_allowed is "yes" only for
# the hosts listed here and "no" for everything else. This map is the only
# thing that keeps the location from acting as an open proxy (SSRF), so any
# addition to it widens what this server can be made to fetch.
# A value such as "host:port" or "user@host" is not listed and falls through
# to "default no".
appendHttpConfig = ''
map $phost $host_allowed {
default no;
www.bahn.de yes;
app.vendo.noncd.db.de yes;
nah.sh.hafas.de yes;
www.rmv.de yes;
vrn.hafas.de yes;
bvg-apps-ext.hafas.de yes;
fahrplan.oebb.at yes;
}
'';
virtualHosts."oeffi.ctu.cx" = {
# Certificate from ACME, plain HTTP redirected to HTTPS, kernel TLS enabled.
enableACME = true;
forceSSL = true;
kTLS = true;
# Document root is the trainsearch package itself.
root = pkgs.trainsearch;
# Presumably required so the "//" of the embedded upstream URL survives URI
# normalisation and the location regex below can match — TODO confirm.
extraConfig = ''
merge_slashes off;
'';
# Proxy location. The request path must look like /<scheme>://<host>/<path>;
# the regex captures those parts as $pscheme, $phost and $ppath. In this
# double-quoted Nix string "\\n" and "\\r" reach nginx as \n and \r.
#
# Order of processing inside the location:
#   1. OPTIONS requests are answered with 204 plus the CORS headers. This
#      happens before the allowlist check, so a preflight for a host that is
#      not allowed still gets 204; nothing is proxied for it.
#   2. Any request whose $phost is not allowlisted is rejected with 400.
#   3. Otherwise CORS headers are set, Host is rewritten to $phost, and the
#      request is passed to $pscheme$phost$ppath with the original query.
#   4. proxy_redirect rewrites an absolute upstream redirect so that it
#      points back through this proxy path.
#
# NOTE(review): $pscheme accepts "http://" as well as "https://", so a
# client can make the proxy fetch an allowlisted host over plaintext.
# Confirm that every listed upstream needs http; otherwise restrict the
# pattern to https.
# NOTE(review): no proxy_ssl_verify, proxy_ssl_trusted_certificate or
# proxy_ssl_server_name appears in this block. With nginx defaults the
# upstream certificate is not verified and no SNI is sent — confirm whether
# these are set elsewhere; if not, the proxy-to-upstream leg is not
# authenticated.
# NOTE(review): "resolver 8.8.8.8" sends upstream name lookups unencrypted
# to an external resolver; together with the point above, a spoofed answer
# would redirect proxied traffic. A local validating resolver is the usual
# choice — confirm what is intended.
# NOTE(review): Access-Control-Allow-Origin is fixed to
# http://localhost:8080, which looks like a development origin. Whatever
# is served on that origin in a visitor's browser can read proxied
# responses; the frontend on oeffi.ctu.cx is same-origin and does not need
# it. Confirm this is meant to be deployed.
# NOTE(review): nothing here strips client request headers, so headers such
# as Cookie or Authorization presumably reach the upstream unchanged —
# verify that this is wanted.
# NOTE(review): the Content-Type and Content-Length headers added to the
# 204 response look redundant, since a 204 carries no body.
locations."~ ^/(?<pscheme>https?://)(?<phost>[^/\\n\\r]+)(?<ppath>/.*)$".extraConfig = ''
if ($request_method = OPTIONS) {
more_set_headers "Access-Control-Allow-Headers: *";
more_set_headers "Access-Control-Allow-Origin: http://localhost:8080";
more_set_headers "Access-Control-Max-Age: 3600";
more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS";
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
}
resolver 8.8.8.8;
if ($host_allowed != yes) {
return 400;
}
more_set_headers "Access-Control-Allow-Headers: *";
more_set_headers "Access-Control-Allow-Origin: http://localhost:8080";
more_set_headers "Access-Control-Max-Age: 3600";
more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS";
proxy_set_header Host $phost;
proxy_redirect ~^(https?://)([^/]+)(.*)$ $scheme://$http_host/$1$2$3;
proxy_pass $pscheme$phost$ppath$is_args$args;
'';
};
};
}