From 099de58dddc514a47323ec93051cb31f782243bb Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Sat, 30 Mar 2024 15:38:56 -0500
Subject: Uniformly proxy WebSocket connections and enable for Grafana

---
 tw/services/web.scm | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)

(limited to 'tw/services/web.scm')

diff --git a/tw/services/web.scm b/tw/services/web.scm
index aed11083..547521d8 100644
--- a/tw/services/web.scm
+++ b/tw/services/web.scm
@@ -14,6 +14,8 @@
   (program-file "nginx-cert-deploy-hook"
     #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP)))
 
+(define-maybe/no-serialization string)
+
 (define (list-of-nginx-location-configurations? thing)
   (and (list? thing)
        (every nginx-location-configuration? thing)))
@@ -25,6 +27,9 @@ requests for.")
 proxied to.")
   (destination-ip (string "127.0.0.1") "The IP address of the server that
 should be proxied to.  Usually, this should be localhost.")
+  (websocket-uri maybe-string "An nginx URI prefix to which any WebSocket
+connections should be passed.  WebSocket requests to other URIs are not
+handled.")
   (extra-locations (list-of-nginx-location-configurations '()) "A list of
 @code{nginx-location-configuration} records to apply in addition to the
 default one."))
@@ -37,7 +42,7 @@ default one."))
 
 (define (reverse-proxy-nginx-server config)
   (match-record config <https-reverse-proxy-configuration>
-                (domains destination-port destination-ip extra-locations)
+                (domains destination-port destination-ip websocket-uri extra-locations)
     (nginx-server-configuration
      (listen '("443 ssl http2"))
      (server-name domains)
@@ -45,15 +50,25 @@ default one."))
      (ssl-certificate-key (string-append "/etc/letsencrypt/live/" (car domains) "/privkey.pem"))
      (server-tokens? #f)
      (locations
-      (cons (nginx-location-configuration
-             (uri "/")
-             (body `(("proxy_pass http://" ,destination-ip ":"
-                      ,(number->string destination-port) ";")
-                     ;; For Grafana: https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-nginx
-                     "proxy_set_header Host $http_host;"
-                     ;; Allow large file uploads (for Paperless).
-                     "client_max_body_size 100M;")))
-            extra-locations)))))
+      `(,(nginx-location-configuration
+          (uri "/")
+          (body `(("proxy_pass http://" ,destination-ip ":"
+                   ,(number->string destination-port) ";")
+                  ;; For Grafana: https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-nginx
+                  "proxy_set_header Host $http_host;"
+                  ;; Allow large file uploads (for Paperless).
+                  "client_max_body_size 100M;")))
+        ,@(if (maybe-value-set? websocket-uri)
+              (list (nginx-location-configuration
+                     (uri websocket-uri)
+                     ;; https://nginx.org/en/docs/http/websocket.html
+                     (body `(("proxy_pass http://" ,destination-ip ":"
+                              ,(number->string destination-port) ";")
+                             "proxy_http_version 1.1;"
+                             "proxy_set_header Upgrade $http_upgrade;"
+                             "proxy_set_header Connection \"upgrade\";"))))
+              '())
+        ,@extra-locations)))))
 
 (define (reverse-proxy-certificates configs)
   (map reverse-proxy-certificate configs))
-- 
cgit v1.2.3