Uniformly proxy WebSocket connections and enable for Grafana

3 files changed, 28 insertions, 21 deletions

diff --git a/tw/services/grafana.scm b/tw/services/grafana.scm
index 051aa72b..65a3a60e 100644
--- a/tw/services/grafana.scm
+++ b/tw/services/grafana.scm
@@ -82,7 +82,8 @@ GF_DATE_FORMATS_INTERVAL_DAY=DD.MM.
                (destination-ip
                 (if (string=? bind-address "0.0.0.0")
                     "127.0.0.1"
-                    bind-address)))))))
+                    bind-address))
+               (websocket-uri "/api/live/ws/"))))))
 
 (define grafana-service-type
   (service-type
diff --git a/tw/services/paperless.scm b/tw/services/paperless.scm
index e115ea57..75998eee 100644
--- a/tw/services/paperless.scm
+++ b/tw/services/paperless.scm
@@ -4,7 +4,6 @@
   #:use-module (gnu services)
   #:use-module (gnu services configuration)
   #:use-module (gnu services databases)
-  #:use-module (gnu services web)
   #:use-module (guix records)
   #:use-module (tw services docker)
   #:use-module (tw services restic)
@@ -86,15 +85,7 @@ PAPERLESS_OCR_USER_ARGS={\"invalidate_digital_signatures\": true, \"continue_on_
                 (if (string=? bind-address "0.0.0.0")
                     "127.0.0.1"
                     bind-address))
-               (extra-locations
-                (list (nginx-location-configuration
-                       (uri "/ws/")   ; e.g. /ws/status/ endpoint
-                       ;; https://nginx.org/en/docs/http/websocket.html
-                       (body `(("proxy_pass http://" ,destination-ip ":"
-                                ,(number->string destination-port) ";")
-                               "proxy_http_version 1.1;"
-                               "proxy_set_header Upgrade $http_upgrade;"
-                               "proxy_set_header Connection \"upgrade\";"))))))))))
+               (websocket-uri "/ws/"))))))   ; e.g. /ws/status/ endpoint
 
 (define %paperless-backup-repo
   (restic-local-repository (path "/var/backups/paperless")))
diff --git a/tw/services/web.scm b/tw/services/web.scm
index aed11083..547521d8 100644
--- a/tw/services/web.scm
+++ b/tw/services/web.scm
@@ -14,6 +14,8 @@
   (program-file "nginx-cert-deploy-hook"
     #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP)))
 
+(define-maybe/no-serialization string)
+
 (define (list-of-nginx-location-configurations? thing)
   (and (list? thing)
        (every nginx-location-configuration? thing)))
@@ -25,6 +27,9 @@ requests for.")
 proxied to.")
   (destination-ip (string "127.0.0.1") "The IP address of the server that
 should be proxied to.  Usually, this should be localhost.")
+  (websocket-uri maybe-string "An nginx URI prefix to which any WebSocket
+connections should be passed.  WebSocket requests to other URIs are not
+handled.")
   (extra-locations (list-of-nginx-location-configurations '()) "A list of
 @code{nginx-location-configuration} records to apply in addition to the
 default one."))
@@ -37,7 +42,7 @@ default one."))
 
 (define (reverse-proxy-nginx-server config)
   (match-record config <https-reverse-proxy-configuration>
-                (domains destination-port destination-ip extra-locations)
+                (domains destination-port destination-ip websocket-uri extra-locations)
     (nginx-server-configuration
      (listen '("443 ssl http2"))
      (server-name domains)
@@ -45,15 +50,25 @@ default one."))
      (ssl-certificate-key (string-append "/etc/letsencrypt/live/" (car domains) "/privkey.pem"))
      (server-tokens? #f)
      (locations
-      (cons (nginx-location-configuration
-             (uri "/")
-             (body `(("proxy_pass http://" ,destination-ip ":"
-                      ,(number->string destination-port) ";")
-                     ;; For Grafana: https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-nginx
-                     "proxy_set_header Host $http_host;"
-                     ;; Allow large file uploads (for Paperless).
-                     "client_max_body_size 100M;")))
-            extra-locations)))))
+      `(,(nginx-location-configuration
+          (uri "/")
+          (body `(("proxy_pass http://" ,destination-ip ":"
+                   ,(number->string destination-port) ";")
+                  ;; For Grafana: https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-nginx
+                  "proxy_set_header Host $http_host;"
+                  ;; Allow large file uploads (for Paperless).
+                  "client_max_body_size 100M;")))
+        ,@(if (maybe-value-set? websocket-uri)
+              (list (nginx-location-configuration
+                     (uri websocket-uri)
+                     ;; https://nginx.org/en/docs/http/websocket.html
+                     (body `(("proxy_pass http://" ,destination-ip ":"
+                              ,(number->string destination-port) ";")
+                             "proxy_http_version 1.1;"
+                             "proxy_set_header Upgrade $http_upgrade;"
+                             "proxy_set_header Connection \"upgrade\";"))))
+              '())
+        ,@extra-locations)))))
 
 (define (reverse-proxy-certificates configs)
   (map reverse-proxy-certificate configs))