Unverified Commit 0405f027 authored by Sandro Jäckel's avatar Sandro Jäckel
Browse files

nixos/tailscale-derper: drop nginx upstream to improve reliability 

When I initially tested this, the upstream seemed a good idea and worked
as expected but it no longer does and disconnects clients every 60
seconds indicated by the following line in tailscaled on the client:

magicsock: [0xc00444a640] derp.Recv(derp-901): derp.Recv: EOF

By connecting directly things work more reliable and there are no
connection resets every 60 seconds anymore.
parent d27bff62

nixos/modules/services/networking/tailscale-derper.nix

+1 −7
Original line number Diff line number Diff line
@@ -68,16 +68,10 @@ in 
    services = {

      nginx = {

        enable = true;

        upstreams.tailscale-derper = {

          servers."127.0.0.1:${toString cfg.port}" = { };

          extraConfig = ''

            keepalive 64;

          '';

        };

        virtualHosts."${cfg.domain}" = {

          addSSL = true; # this cannot be forceSSL as derper sends some information over port 80, too.

          locations."/" = {

            proxyPass = "http://tailscale-derper";

            proxyPass = "http://127.0.0.1:${toString cfg.port}";

            proxyWebsockets = true;

            extraConfig = ''

              keepalive_timeout 0;