Replying to @6@possum.city

@6 @luna its a pretty small script actually, it used to be a shellscript before but i rewrote it to js (ts) because thats less painful to maintain

#!/usr/bin/env -S deno -A
import { readdirSync, readFileSync } from "node:fs";

function getIp(host: string) {
	const ip = {
		phobos:		'10.51.93.117',
		tethys:		'10.51.93.115',
		triton:		'10.51.93.113',
		miranda:	'10.51.93.107',
		cupid:		'10.51.93.105',
	}[host];
	if(!ip) throw new Error(`Unknown host '${host}'`);
	return ip;
}

function mkEntry(domain: string, target: string) {
	const certsAvailable = readdirSync('/etc/letsencrypt/live').sort((a, b) => b.length - a.length);
	const certName = certsAvailable.find(cert => domain.endsWith(cert));
	const upstreamId = domain.replaceAll('.', '_');
	const targetIp = getIp(target.split(':')[0]);
	const targetPort = target.split(':')[1] ?? 80;
	if(!certName) throw new Error(`No cert found for '${domain}'`);

	console.log(`upstream ${upstreamId} {`);
	console.log(`\tserver ${targetIp}:${targetPort};`);
	console.log("}");
	console.log();
	console.log("server {");
	console.log(`\tserver_name ${domain};`);
	console.log();
	console.log("\tlisten 80;");
	console.log("\tlisten [::]:80;");
	console.log("\tlisten 443 ssl;");
	console.log("\tlisten [::]:443 ssl;");
	console.log(`\tssl_certificate /etc/letsencrypt/live/${certName}/fullchain.pem;`);
	console.log(`\tssl_certificate_key /etc/letsencrypt/live/${certName}/privkey.pem;`);
	console.log("\t");
	console.log("\tlocation / {");
	console.log("\t\tproxy_set_header Host \$host;");
	console.log("\t\tproxy_set_header X-Forwarded-Host \$host;");
	console.log("\t\tproxy_set_header X-Forwarded-Server \$host;");
	console.log("\t\tproxy_set_header X-Forwarded-Proto \$scheme;");
	console.log("\t\tproxy_set_header X-Real-IP \$remote_addr;");
	console.log("\t\tproxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;");
	console.log("\t\tproxy_set_header Upgrade \$http_upgrade;");
	console.log("\t\tproxy_set_header Connection \$connection_upgrade;");
	console.log("\t\tproxy_http_version 1.1;");
	console.log("\t\tclient_max_body_size 1G;");
	console.log(`\t\tproxy_pass http://${upstreamId};`);
	console.log("\t}");
	console.log("}");
	console.log("\n");
}

for(const line of readFileSync('proxy.list').toString().trim().split('\n')) {
	const [domain, target] = line.match(/[^ \t]+/g)!;
	mkEntry(domain, target);
}
Jul 5, 2026, 12:46 UTC