From 7e709dd9823fbe956f8d9c87a1aa29703b94e9c9 Mon Sep 17 00:00:00 2001
From: Nathan Woodburn <github@nathan.woodburn.au>
Date: Fri, 15 Dec 2023 14:53:49 +1100
Subject: [PATCH] fix: Try to fix ssl errors

---
 nginx.conf | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 51ee93b..60d7898 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,23 +1,37 @@
 upstream loadbalancer {
-    server doh.hnshosting.au:443 weight=1;
-    server easyhandshake.com:8053 weight=1;
-    server doh.hnsdns.com:443 weight=1;
-    server hs.dnssec.dev:443 weight=1;
-    server hnsns.net:443 weight=1;
+    server doh.hnshosting.au:443 weight=1 max_fails=1 fail_timeout=30s;
+    server easyhandshake.com:8053 weight=1 max_fails=1 fail_timeout=30s;
+    server doh.hnsdns.com:443 weight=1 max_fails=1 fail_timeout=30s;
+    server hs.dnssec.dev:443 weight=1 max_fails=1 fail_timeout=30s;
+    server hnsns.net:443 weight=1 max_fails=1 fail_timeout=30s;
 }
 
+map $host $upstream {
+    ~^doh\.hnshosting\.au$ doh.hnshosting.au;
+    ~^easyhandshake\.com$ easyhandshake.com;
+    ~^doh\.hnsdns\.com$ doh.hnsdns.com;
+    ~^hs\.dnssec\.dev$ hs.dnssec.dev;
+    ~^hnsns\.net$ hnsns.net;
+}
+
+
 server {
     listen 80;
     # Catch all servers
     server_name _;
 
     location / {
+        # Set the upstream based on the host header
+        proxy_set_header Host $upstream;
+
         proxy_pass https://loadbalancer;
+        proxy_ssl_verify off;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
         # Show which node served the request in logs
         add_header X-Load-Balancer-Node $upstream_addr;
+
     }
 }