diff options
-rw-r--r-- | tw/services/grafana.scm | 3 | ||||
-rw-r--r-- | tw/services/paperless.scm | 11 | ||||
-rw-r--r-- | tw/services/web.scm | 35 |
3 files changed, 28 insertions, 21 deletions
diff --git a/tw/services/grafana.scm b/tw/services/grafana.scm index 051aa72b..65a3a60e 100644 --- a/tw/services/grafana.scm +++ b/tw/services/grafana.scm @@ -82,7 +82,8 @@ GF_DATE_FORMATS_INTERVAL_DAY=DD.MM. (destination-ip (if (string=? bind-address "0.0.0.0") "127.0.0.1" - bind-address))))))) + bind-address)) + (websocket-uri "/api/live/ws/")))))) (define grafana-service-type (service-type diff --git a/tw/services/paperless.scm b/tw/services/paperless.scm index e115ea57..75998eee 100644 --- a/tw/services/paperless.scm +++ b/tw/services/paperless.scm @@ -4,7 +4,6 @@ #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu services databases) - #:use-module (gnu services web) #:use-module (guix records) #:use-module (tw services docker) #:use-module (tw services restic) @@ -86,15 +85,7 @@ PAPERLESS_OCR_USER_ARGS={\"invalidate_digital_signatures\": true, \"continue_on_ (if (string=? bind-address "0.0.0.0") "127.0.0.1" bind-address)) - (extra-locations - (list (nginx-location-configuration - (uri "/ws/") ; e.g. /ws/status/ endpoint - ;; https://nginx.org/en/docs/http/websocket.html - (body `(("proxy_pass http://" ,destination-ip ":" - ,(number->string destination-port) ";") - "proxy_http_version 1.1;" - "proxy_set_header Upgrade $http_upgrade;" - "proxy_set_header Connection \"upgrade\";")))))))))) + (websocket-uri "/ws/")))))) ; e.g. /ws/status/ endpoint (define %paperless-backup-repo (restic-local-repository (path "/var/backups/paperless"))) diff --git a/tw/services/web.scm b/tw/services/web.scm index aed11083..547521d8 100644 --- a/tw/services/web.scm +++ b/tw/services/web.scm @@ -14,6 +14,8 @@ (program-file "nginx-cert-deploy-hook" #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP))) +(define-maybe/no-serialization string) + (define (list-of-nginx-location-configurations? thing) (and (list? thing) (every nginx-location-configuration? thing))) @@ -25,6 +27,9 @@ requests for.") proxied to.") (destination-ip (string "127.0.0.1") "The IP address of the server that should be proxied to. Usually, this should be localhost.") + (websocket-uri maybe-string "An nginx URI prefix to which any WebSocket +connections should be passed. WebSocket requests to other URIs are not +handled.") (extra-locations (list-of-nginx-location-configurations '()) "A list of @code{nginx-location-configuration} records to apply in addition to the default one.")) @@ -37,7 +42,7 @@ default one.")) (define (reverse-proxy-nginx-server config) (match-record config <https-reverse-proxy-configuration> - (domains destination-port destination-ip extra-locations) + (domains destination-port destination-ip websocket-uri extra-locations) (nginx-server-configuration (listen '("443 ssl http2")) (server-name domains) @@ -45,15 +50,25 @@ default one.")) (ssl-certificate-key (string-append "/etc/letsencrypt/live/" (car domains) "/privkey.pem")) (server-tokens? #f) (locations - (cons (nginx-location-configuration - (uri "/") - (body `(("proxy_pass http://" ,destination-ip ":" - ,(number->string destination-port) ";") - ;; For Grafana: https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-nginx - "proxy_set_header Host $http_host;" - ;; Allow large file uploads (for Paperless). - "client_max_body_size 100M;"))) - extra-locations))))) + `(,(nginx-location-configuration + (uri "/") + (body `(("proxy_pass http://" ,destination-ip ":" + ,(number->string destination-port) ";") + ;; For Grafana: https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-nginx + "proxy_set_header Host $http_host;" + ;; Allow large file uploads (for Paperless). + "client_max_body_size 100M;"))) + ,@(if (maybe-value-set? websocket-uri) + (list (nginx-location-configuration + (uri websocket-uri) + ;; https://nginx.org/en/docs/http/websocket.html + (body `(("proxy_pass http://" ,destination-ip ":" + ,(number->string destination-port) ";") + "proxy_http_version 1.1;" + "proxy_set_header Upgrade $http_upgrade;" + "proxy_set_header Connection \"upgrade\";")))) + '()) + ,@extra-locations))))) (define (reverse-proxy-certificates configs) (map reverse-proxy-certificate configs)) |