Skip to content
Snippets Groups Projects
Commit ec7ce08c authored by Florian Sesser's avatar Florian Sesser
Browse files

Make Nginx reverse proxy reachable from outside

parent 1ad90f41
Branches
No related tags found
No related merge requests found
......@@ -30,7 +30,8 @@ in {
};
config = {
# networking.firewall.allowedTCPPorts = [ 80 443 ];
# Port 80 for ACME ssl retrieval only. 443 for nginx -> grafana.
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.grafana = {
enable = true;
......@@ -67,11 +68,25 @@ in {
};
# nginx reverse proxy
services.nginx.enable = true;
services.nginx.virtualHosts.${config.services.grafana.domain} = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyWebsockets = true;
services.nginx = {
enable = true;
# Yes, use the NixOS recommended settings:
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256:
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts.${config.services.grafana.domain} = {
enableACME = true;
onlySSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyWebsockets = true;
};
};
};
};
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment