From 42ed88bb9467915e0e5ad80fee4f7dd7b3cb4f16 Mon Sep 17 00:00:00 2001
From: reidlab
Date: Fri, 11 Aug 2023 19:19:49 -0700
Subject: [PATCH] update nginx config (ngx-realip-module, lua-resty-websocket)
---
 hosts/server/configuration.nix | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 69a9ed4..0dce8af 100755
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -84,9 +84,30 @@
 rev = "v0.29";
 sha256 = "089ishx4482ybfsv10ig8h3cpsdw6rvgy0w874h1c7m1gk2fd7r9";
 };
+ lua-resty-websocket = pkgs.fetchFromGitHub {
+ owner = "openresty";
+ repo = "lua-resty-websocket";
+ rev = "v0.10";
+ sha256 = "0zpprfi5qc3066ab7g7nyr18jwlk3n8y0006maj4nlx38rl24vfh";
+ };
+ realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from ${x};");
+ fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
+ cfipv4 = fileToList (pkgs.fetchurl {
+ url = "https://www.cloudflare.com/ips-v4";
+ sha256 = "0ywy9sg7spafi3gm9q5wb59lbiq0swvf0q3iazl0maq1pj1nsb7h";
+ });
+ cfipv6 = fileToList (pkgs.fetchurl {
+ url = "https://www.cloudflare.com/ips-v6";
+ sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
+ });
 in ''
 # Lua path
- lua_package_path "/var/www/reidlab.online/lua/?.lua;;${lua-resty-template}/lib/?.lua;;${lua-resty-redis}/lib/?.lua;;";
+ lua_package_path "/var/www/reidlab.online/lua/?.lua;;${lua-resty-template}/lib/?.lua;;${lua-resty-redis}/lib/?.lua;;${lua-resty-websocket}/lib/?.lua;;";
+
+ # Realip
+ ${realIpsFromList cfipv4}
+ ${realIpsFromList cfipv6}
+ real_ip_header CF-Connecting-IP;

 # Add HSTS header with preloading to HTTPS requests.
 # Adding this header to HTTP requests is discouraged
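Review bot: `fileToList` splits the fetched file on "\n" without dropping empty entries, so a trailing newline or blank line in either Cloudflare list would make `realIpsFromList` emit `set_real_ip_from ;`, which nginx is expected to reject when it loads the config. Filtering the list avoids that: `fileToList = x: builtins.filter (l: l != "") (lib.strings.splitString "\n" (builtins.readFile x));`. Separately, both `pkgs.fetchurl` calls pin a hash for a URL whose content Cloudflare can change, so after a list update a fresh fetch fails on hash mismatch while an already-cached store path keeps the old ranges. Because these ranges decide which peers are trusted to set the client address through `CF-Connecting-IP`, a comment next to `cfipv4`/`cfipv6` such as `# Cloudflare ranges are pinned by hash; refresh both hashes when Cloudflare publishes new ranges` would make that maintenance step visible. The enclosing `let … in ''` block starts and ends outside the hunk.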