feat: attempted allowance for nixos ssl

This commit is contained in:
efim 2023-10-08 20:36:21 +00:00
parent bfee145b6c
commit eb2b170335
2 changed files with 30 additions and 15 deletions


@ -184,6 +184,13 @@ now works
because front-end is setting up js 'new PocketBase' with 127.0.0.1 connection because front-end is setting up js 'new PocketBase' with 127.0.0.1 connection
*** adding a custom flag: *** adding a custom flag:
https://github.com/pocketbase/pocketbase/discussions/1900 https://github.com/pocketbase/pocketbase/discussions/1900
** TODO change some additional config to option :
${optionalString config.proxyWebsockets ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
''}
( also in planning poker repo )


@ -70,6 +70,12 @@
description = description =
"Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx"; "Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx";
}; };
useHostTls = lib.mkOption {
type = lib.types.bool;
default = false;
description =
"Whether virtual host should enable NixOS ACME certs";
};
}; };
config = let config = let
username = "${shortName}-user"; username = "${shortName}-user";
@ -102,22 +108,24 @@
}; };
}; };
services.nginx = lib.mkIf cfg.useNginx { services.nginx = lib.mkIf cfg.useNginx {
virtualHosts.${cfg.host}.locations."/" = { virtualHosts.${cfg.host} = {
proxyPass = forceSSL = cfg.useHostTls;
"http://127.0.0.1:${toString cfg.port}"; enableACME = cfg.useHostTls;
# taken from https://pocketbase.io/docs/going-to-production/ locations."/" = {
extraConfig = '' proxyPass = "http://127.0.0.1:${toString cfg.port}";
# check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive # taken from https://pocketbase.io/docs/going-to-production/
proxy_set_header Connection '''; extraConfig = ''
proxy_http_version 1.1; # check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
proxy_read_timeout 360s; proxy_set_header Connection ''';
proxy_http_version 1.1;
proxy_read_timeout 360s;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
''; '';
# TODO doesn't include tls sadly };
}; };
}; };
}; };
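Review bot: Setting `enableACME = cfg.useHostTls;` on the virtual host makes evaluation depend on host-level ACME settings this module neither sets nor documents — in NixOS, `enableACME = true` fails unless `security.acme.acceptTerms` is true and a contact email (`security.acme.defaults.email`) is configured, so a user flipping `useHostTls` will hit an evaluation error with no hint from this option. The `useHostTls` description in the first hunk of this file should state that contract, e.g. `description = "Whether the nginx virtual host should obtain a certificate via NixOS ACME (sets forceSSL and enableACME). Requires security.acme.acceptTerms and security.acme.defaults.email to be set in the host configuration.";`. The description could also say that with the default `false` the virtual host is served over plain HTTP, since the removed `# TODO doesn't include tls sadly` comment was the only trace of that. The `useHostTls` option presumably should not be combined with the earlier option whose description says pocketbase serves https and issues its own certs, because `proxyPass` still targets `http://127.0.0.1:…`; worth a sentence in one of the two descriptions if that reading is right.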