virtual_host: Proxy websockets based on HTTP Upgrade header

This is more foregiving that trying to determine what paths are used for websockets.

virtual_host: Proxy websockets based on HTTP Upgrade header
This is more foregiving that trying to determine what paths are used for websockets.
b073821a · James T. Lee · 9d5d6776 · b073821a · b073821a · b073821a
Commit b073821a authored Dec 03, 2020 by James T. Lee
4 changed files
--- a/manifests/lib/reverse_proxy.pp
+++ b/manifests/lib/reverse_proxy.pp
@@ -5,39 +5,34 @@ define nest::lib::reverse_proxy (
  Optional[Variant[String[1], Array[String[1]]]] $ip = undef,
  Optional[Integer] $port                            = undef,
  Boolean $ssl                                       = true,
-  Optional[String[1]] $websockets                    = undef,
+  Boolean $encoded_slashes                           = false,
-  Boolean $allow_encoded_slashes                     = false,
  Boolean $preserve_host                             = false,
+  Variant[Boolean, String] $websockets               = false,
  Hash[String[1], Any] $extra_params                 = {},
 ) {
-  if $websockets {
+  if $encoded_slashes {
-    include '::apache::mod::proxy_wstunnel'
+    $proxy_pass_keywords = ['nocanon']
+    $allow_encoded_slashes = on
  }
-  $proxy_pass_match = [
+  $proxy_pass = [{
-    $websockets ? {
+    'path'     => '/',
-      undef   => [],
+    'url'      => "http://${destination}/",
-      default => {
+    'keywords' => $proxy_pass_keywords,
-        'path'         => "^/(${websockets})$",
+  }]
-        'url'          => "ws://${destination}/\$1",
-        'reverse_urls' => [],
+  if $websockets {
-      },
+    include '::apache::mod::proxy_wstunnel'
-    },
-    $allow_encoded_slashes ? {
+    $wsdestination = $websockets ? {
-      true    => {
+      String  => $websockets,
-        'path'         => '^/(.*)$',
+      default => $destination,
-        'url'          => "http://${destination}/\$1",
+    }
-        'keywords'     => ['nocanon'],
-        'reverse_urls' => [],
-      },
-      default => [],
-    },
-  ].flatten
-  $vhost_allow_encoded_slashes = $allow_encoded_slashes ? {
+    $websocket_rewrites = [{
-    true    => on,
+      'rewrite_cond' => ['%{HTTP:Upgrade} =websocket [NC]'],
-    default => undef,
+      'rewrite_rule' => ["^/(.*)$ ws://${wsdestination}/\$1 [P,L]"],
+    }]
  }
  $certbot_exception = @(EOT)
@@ -56,10 +51,10 @@ define nest::lib::reverse_proxy (
    ssl           => $ssl,
    zfs_docroot   => false,
    extra_params  => {
-      'allow_encoded_slashes' => $vhost_allow_encoded_slashes,
+      'allow_encoded_slashes' => $allow_encoded_slashes,
+      'proxy_pass'            => $proxy_pass,
      'proxy_preserve_host'   => $preserve_host,
-      'proxy_pass_match'      => $proxy_pass_match,
+      'rewrites'              => $websocket_rewrites,
-      'proxy_dest'            => "http://${destination}",
      'custom_fragment'       => $certbot_exception,
    } + $extra_params,
  }

--- a/manifests/node/falcon.pp
+++ b/manifests/node/falcon.pp
@@ -106,10 +106,14 @@ class nest::node::falcon {
  $cpuset_param = "--cpuset-cpus ${cpuset}"
  Docker::Run {
-    dns              => '172.22.0.1',
+    dns                               => '172.22.0.1',
-    dns_search       => 'nest',
+    dns_search                        => 'nest',
-    extra_parameters => $cpuset_param,
+    extra_parameters                  => $cpuset_param,
-    service_provider => 'systemd',
+    # XXX: These should be added to site.pp after docker -> podman switch
+    docker_service                    => false,
+    restart_service_on_docker_refresh => false,
+    service_provider                  => 'systemd',
  }
  docker::run { 'nzbget':
@@ -196,7 +200,7 @@ class nest::node::falcon {
    'plex.nest':
      destination => 'localhost:32400',
-      websockets  => ':/websockets/.*',
+      websockets  => true,
    ;
    'radarr.nest':

--- a/manifests/service/gitlab.pp
+++ b/manifests/service/gitlab.pp
@@ -68,9 +68,9 @@ class nest::service::gitlab (
    ;
    'gitlab.james.tl':
-      destination           => '172.18.0.2',
+      destination     => '172.18.0.2',
-      websockets            => '.*\.ws',
+      encoded_slashes => true,
-      allow_encoded_slashes => true,
+      websockets      => true,
    ;
    'registry.gitlab.james.tl':

--- a/manifests/service/gitlab_runner.pp
+++ b/manifests/service/gitlab_runner.pp
@@ -53,8 +53,8 @@ define nest::service::gitlab_runner (
      '/run/podman/podman.sock:/var/run/docker.sock',
      "/srv/gitlab-runner/${name}:/etc/gitlab-runner",
    ],
-    service_provider => 'systemd',
    depend_services  => ['podman.socket'],
+    docker_service   => 'podman.socket',
    require          => Exec["gitlab-runner-${name}-register"],
  }
 }