feat: attempted allowance for nixos ssl

efim 2023-10-08 20:36:21 +00:00
parent bfee145b6c
commit eb2b170335
2 changed files with 30 additions and 15 deletions


@ -184,6 +184,13 @@ now works
because front-end is setting up js 'new PocketBase' with 127.0.0.1 connection because front-end is setting up js 'new PocketBase' with 127.0.0.1 connection
*** adding a custom flag: *** adding a custom flag:
https://github.com/pocketbase/pocketbase/discussions/1900 https://github.com/pocketbase/pocketbase/discussions/1900
** TODO change some additional config to option :
${optionalString config.proxyWebsockets ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
''}
( also in planning poker repo )


@ -70,6 +70,12 @@
description = description =
"Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx"; "Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx";
}; };
useHostTls = lib.mkOption {
type = lib.types.bool;
default = false;
description =
"Whether virtual host should enable NixOS ACME certs";
};
}; };
config = let config = let
username = "${shortName}-user"; username = "${shortName}-user";
@ -102,9 +108,11 @@
}; };
}; };
services.nginx = lib.mkIf cfg.useNginx { services.nginx = lib.mkIf cfg.useNginx {
virtualHosts.${cfg.host}.locations."/" = { virtualHosts.${cfg.host} = {
proxyPass = forceSSL = cfg.useHostTls;
"http://127.0.0.1:${toString cfg.port}"; enableACME = cfg.useHostTls;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
# taken from https://pocketbase.io/docs/going-to-production/ # taken from https://pocketbase.io/docs/going-to-production/
extraConfig = '' extraConfig = ''
# check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive # check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
@ -117,7 +125,7 @@
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
''; '';
# TODO doesn't include tls sadly };
}; };
}; };
}; };
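Review bot: `useHostTls` defaults to `false`, so with `cfg.useNginx` enabled the virtual host gets `forceSSL = false` and `enableACME = false`, and PocketBase logins and auth tokens are proxied over plain HTTP unless the operator opts in. The option description mentions only ACME certs and should state both effects, e.g. `"Whether the nginx virtual host should request a NixOS ACME cert and redirect HTTP to HTTPS (sets enableACME and forceSSL); when false the site is served over plain HTTP"`. `enableACME` also depends on `security.acme.acceptTerms` and a contact e-mail being configured elsewhere, which is not visible here, so a comment beside `enableACME = cfg.useHostTls;` naming that prerequisite would help. The existing option just above lets PocketBase serve HTTPS itself while `proxyPass` stays `http://127.0.0.1:…`, so an assertion that the two are not enabled together seems worth adding; that option's name and the start of the `config` block are outside the hunk.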