jv
/
my-homelab-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bypass edge cache for app traffic
Homelab Main / deploy (push) Successful in 1m35s Details

This commit is contained in:
juvdiaz 2026-06-02 17:00:15 -06:00
parent 57a6a7283c
commit 00de9b0209
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bootstrap/edge/main.tf
View File

@ -15,6 +15,7 @@ locals {
server_name = var.server_name server_name = var.server_name
server_names = join(" ", local.server_names) server_names = join(" ", local.server_names)
backend_host = var.backend_host backend_host = var.backend_host
backend_port = tostring(var.backend_port)
demos_backend_port = var.demos_backend_port demos_backend_port = var.demos_backend_port
gitea_backend_host = var.gitea_backend_host gitea_backend_host = var.gitea_backend_host
gitea_backend_port = var.gitea_backend_port gitea_backend_port = var.gitea_backend_port
@ -260,6 +261,8 @@ if [ "$enable_letsencrypt" = "true" ]; then
"$certbot_image" certonly \ "$certbot_image" certonly \
--webroot \ --webroot \
-w /var/www/certbot \ -w /var/www/certbot \
--cert-name "$server_name" \
--expand \
$certbot_domain_args \ $certbot_domain_args \
--preferred-challenges http \ --preferred-challenges http \
--agree-tos \ --agree-tos \

10
bootstrap/edge/templates/default.conf.tftpl
View File

@ -8,8 +8,8 @@ limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=static_assets:10m max_size=100m inactive=24h; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=static_assets:10m max_size=100m inactive=24h;
proxy_cache_path /var/cache/nginx_dynamic levels=1:2 keys_zone=dynamic_content:5m max_size=50m inactive=1h; proxy_cache_path /var/cache/nginx_dynamic levels=1:2 keys_zone=dynamic_content:5m max_size=50m inactive=1h;
upstream haproxy_backend { upstream homelab_backend {
server haproxy-dev:9000; server ${backend_host}:${backend_port};
} }
set_real_ip_from 173.245.48.0/20; set_real_ip_from 173.245.48.0/20;
@ -101,7 +101,7 @@ server {
} }
location ~* \.(css|js)$ { location ~* \.(css|js)$ {
proxy_pass http://haproxy_backend; proxy_pass http://homelab_backend;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -116,7 +116,7 @@ server {
} }
location ~* \.(jpg|jpeg|png|gif|ico|webp|svg)$ { location ~* \.(jpg|jpeg|png|gif|ico|webp|svg)$ {
proxy_pass http://haproxy_backend; proxy_pass http://homelab_backend;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -133,7 +133,7 @@ server {
location / { location / {
limit_req zone=one burst=20 nodelay; limit_req zone=one burst=20 nodelay;
proxy_pass http://haproxy_backend; proxy_pass http://homelab_backend;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;