fixing leaps: CORS fix with 'proxy_set_header Host' and 'proxy_read_t…

…imeout' increase fix for #26
nixcloud · May 9, 2018 · be57d52 · be57d52
1 parent 0e87e47
commit be57d52
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 43 deletions.
diff --git a/modules/services/reverse-proxy/default.nix b/modules/services/reverse-proxy/default.nix
@@ -199,7 +199,7 @@ in
             ${if r == "" then ''
               ${f}
               proxy_pass http://${location.ip}:${toString location.port}${ppp};
-            '' else r #"
+            '' else r
             }
               ${if (b != {}) then mkBasicAuth b else ""}
             }

diff --git a/modules/services/reverse-proxy/options.nix b/modules/services/reverse-proxy/options.nix
@@ -23,25 +23,6 @@ let
     '';
   };
 
-#   ssl_certificateSetModule = {
-#     options = {
-#       ssl_certificate = mkOption {
-#         type = types.path;
-#         description = ''
-#           A location containg the full path and filename to `/path/to/fullchain.pem`.
-#         '';
-#         example = "/path/to/fullchain.pem";
-#       };
-#       ssl_certificate_key = mkOption {
-#         type = types.path;
-#         description = ''
-#           A location containg the full path and filename to `/path/to/key.pem`.
-#         '';
-#         example = "/path/to/key.pem";
-#       };
-#     };
-#   };
-
   locationWebSocketModule = { config, lib, options, toplevel }: {
     options = {
       subpath = mkOption {
@@ -66,13 +47,6 @@ let
             The http.location can be used to override the default location record for http websocket (ws) usage when `http.mode = "on"` is set.
           '';
           default = "";
-          example = 
-            ''
-              proxy_http_version 1.1;
-              proxy_set_header Upgrade $http_upgrade;
-              proxy_set_header Connection "upgrade";
-              proxy_pass http://''${location.ip}:''${toString location.port}''${location.path};
-            '';
         };
         flags = mkOption {
           description = ''
@@ -83,11 +57,20 @@ let
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_read_timeout 36000s;
+            # required because of CORS
+            proxy_set_header Host $host;
           '';
           example = ''
+            # http websocket default flags
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_read_timeout 36000s;
+            # required because of CORS
+            proxy_set_header Host $host;
             add_header Strict-Transport-Security max-age=345678;
           '';
         };
@@ -108,10 +91,6 @@ let
             The https.location can be used to override the default location record for https websocket (wss) usage when `https.mode = "on"` is set.
           '';
           default = "";
-          example = 
-            ''
-              proxy_pass http://''${location.ip}:''${toString location.port}''${location.path};
-            '';
         };     
         flags = mkOption {
           description = ''
@@ -122,11 +101,20 @@ let
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_read_timeout 36000s;
+            # required because of CORS
+            proxy_set_header Host $host;
           '';
           example = ''
+            # https websocket default flags
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_read_timeout 36000s;
+            # required because of CORS
+            proxy_set_header Host $host;
             add_header Strict-Transport-Security max-age=345678;
           '';
         };        
@@ -269,7 +257,7 @@ in
         '';
         default = "";
         example = "";
-      };      
+      };
       flags = mkOption {
         description = ''
           Use `https.flags` to add headers to requests from the nixcloud.reverse-proxy to the internal webserver.

diff --git a/modules/web/services/leaps/default.nix b/modules/web/services/leaps/default.nix
@@ -1,13 +1,4 @@
 { config, pkgs, lib, mkUniqueUser, mkUniqueGroup, ... }:
-
-/* The leaps service:
-   You need to create files in /var/lib/nixcloud/webservices/leaps-z (or
-   similar) with the right permissions and uid/gid ownership manually.
-
-   The uid/gid can be looked up in /etc/passwd or by using ls -lathr on the
-   stateDir.
-*/
-
 {
   options = {};
 
@@ -21,8 +12,7 @@
 
   config = lib.mkIf config.enable {
 
-    # inject the leaps websocket for cooperative document opening/editing into
-    # proxyOptions
+    # inject the leaps websocket for cooperative document opening/editing into proxyOptions
     proxyOptions.websockets = {
       ws = {
         subpath = "/leaps/ws";