From 4b6e2fc3b1a2fa639fc835dd4b1865ecc25f233a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Mon, 11 Sep 2023 18:54:17 +0200
Subject: [PATCH] fix(garage): Setup correctly the reverse proxy

---
 machines/storage01/garage.nix | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix
index 1d89448..902c26d 100644
--- a/machines/storage01/garage.nix
+++ b/machines/storage01/garage.nix
@@ -17,13 +17,13 @@ in {
         "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873";
 
       s3_api = {
-        s3_region = "par01";
-        api_bind_addr = "[::]:3900";
+        s3_region = "garage";
+        api_bind_addr = "127.0.0.1:3900";
         root_domain = ".${host}";
       };
 
       s3_web = {
-        bind_addr = "[::]:3902";
+        bind_addr = "127.0.0.1:3902";
         root_domain = ".${webHost}";
         index = "index.html";
       };
@@ -37,9 +37,26 @@ in {
     };
   };
 
-  services.nginx.virtualHosts.${host} = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/".proxyPass = "http://[::1]:3900";
+  services.nginx.virtualHosts = {
+    ${host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/".extraConfig = ''
+        proxy_pass http://127.0.0.1:3900;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        # Disable buffering to a temporary file.
+        proxy_max_temp_file_size 0;
+      '';
+    };
+
+    ${webHost} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/".extraConfig = ''
+        proxy_pass http://127.0.0.1:3902;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;'';
+    };
   };
 }