Public Access Proxy

We are using Haproxy to do SNI-based forwarding without opening the TLS connection.

How to add a domain?

To proxy a new domain, it should be added to services.proxy.proxyHosts.

OptionUsage
hostNamesA list of domain(s) that should be proxied
proxyTo.hostThe IP it should be proxied to
proxyTo.httpPortThe http port to proxy to, defaults to 80
proxyTo.httpsPortThe http port to proxy to, defaults to 443
proxyTo.proxyHttpPortThe http proxy protocol port to proxy to, defaults to 8080
proxyTo.proxyHttpsPortThe http proxy protocol port to proxy to, defaults to 8443
proxyProtocolIf the web server we are proxying to, talks proxy protocol. Please make sure, to do IP filtering. See []services.nginx.commonServerConfig](../../config/default.nix).
matchArgOptional arguments to HAProxy req.ssl_sni -i

How to forward a port?

This is done in the network repo, to be exact in the site.hosts.upstream4.forwardPorts option.