blob: 12851a72deec3ffeaeb0cdcf8c73bd9d783c5edb (
about) (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
(define-module (tw services web)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:use-module (gnu services certbot)
#:use-module (gnu services web)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module ((srfi srfi-1) #:select (concatenate))
#:export (https-reverse-proxy-service-type
https-reverse-proxy-configuration))
(define-configuration/no-serialization https-reverse-proxy-configuration
(domains list-of-strings "List of domain names that nginx should proxy
requests for.")
(destination-port integer "The port number of the service that should be
proxied to.")
(destination-ip (string "127.0.0.1") "The IP address of the server that
should be proxied to. Usually, this should be localhost.")
(destination-protocol (string "http") "The protocol that the proxied service
speaks. Set to @code{\"https\"} if you want to proxy HTTPS-to-HTTPS.")
(nginx-pid-file (string "/var/run/nginx/pid") "The file containing nginx's
process ID. This may differ from the default if nginx's @code{run-directory}
differs from its default."))
(define (reverse-proxy-certificate config)
(match-record config <https-reverse-proxy-configuration> (domains nginx-pid-file)
(certificate-configuration
(domains domains)
(deploy-hook
(program-file "nginx-cert-deploy-hook"
#~(kill (call-with-input-file #$nginx-pid-file read) SIGHUP))))))
(define (reverse-proxy-nginx-server config)
(match-record config <https-reverse-proxy-configuration>
(domains destination-port destination-ip)
(nginx-server-configuration
(listen '("443 ssl http2"))
(server-name domains)
(ssl-certificate (string-append "/etc/letsencrypt/live/" (car domains) "/fullchain.pem"))
(ssl-certificate-key (string-append "/etc/letsencrypt/live/" (car domains) "/privkey.pem"))
(server-tokens? #f)
(locations
(list (nginx-location-configuration
(uri "/")
(body `(("proxy_pass http://" ,destination-ip ":"
,(number->string destination-port))))))))))
(define (reverse-proxy-certificates configs)
(map reverse-proxy-certificate configs))
(define (reverse-proxy-nginx-servers configs)
(map reverse-proxy-nginx-server configs))
(define https-reverse-proxy-service-type
(service-type
(name 'reverse-proxy)
(extensions (list (service-extension nginx-service-type reverse-proxy-nginx-servers)
(service-extension certbot-service-type reverse-proxy-certificates)))
(default-value '())
(compose concatenate)
(extend append)
(description "Configure nginx as a reverse proxy proxying external HTTPS
requests to another host or a local port over plain HTTP.")))
|