Make nginx use the haproxy protocol for mail
Mail listens for haproxy proxy messages, which have extra information about
where the query came from (similar to X-Forwarded-For headers in HTTP).
Unfortunately, we were forwarding it raw TCP data from nginx.
This commit uses ProxyStream (introduced in helpers commit
Ia15a18380624375ec4eb5d87d802df1e31f3c82d) to add haproxy proxying.
Finally, this commit removes an extraneous email vhost (ignored since helpers
commit I1e3dc3db735c0ccea5a6b7407cda8338ff7cf1e8)
Change-Id: Ia6142f249b911e11fef1a6476fcef4002d88b86d
diff --git a/modules/nginx.nix b/modules/nginx.nix
index 08ae0cf..7515dcb 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -124,6 +124,7 @@
internal = lib.mkOption { type = str; };
external = lib.mkOption { type = port; };
protocol = lib.mkOption { type = strMatching "^(tcp|udp)$"; };
+ haproxy = lib.mkOption { type = bool; };
};
});
example = lib.literalExpression ''
@@ -157,7 +158,8 @@
listen ${builtins.toString stream.external}${
lib.optionalString (stream.protocol == "udp") " udp"
};
- proxy_pass ${builtins.toString stream.internal};
+ proxy_pass ${stream.internal};
+ ${if stream.haproxy then "proxy_protocol on;" else ""}
}
'') config.clicks.nginx.streams);
};