nginx: Use unified UPSTREAM_ENDPOINT environment

This commit unifies the `UPSTREAM_HOST` and `UPSTREAM_PORT` environment variables to a new `UPSTREAM_ENDPOINT` variable, making additional customizations (such as a `proxy_pass` to a sub-path) possible.
2022-10-28 17:44:26 +01:00 · 2022-10-28 17:44:26 +01:00 · e637394c12
parent ec0b4c697b
commit e637394c12
3 changed files with 9 additions and 10 deletions
--- a/host/virtual/spec.bu
+++ b/host/virtual/spec.bu
@ -83,7 +83,7 @@ systemd:
        - name: prosody-upstream.conf
          contents: |
            [Service]
-            Environment=UPSTREAM_HOST=prosody UPSTREAM_PORT=5280
+            Environment=UPSTREAM_ENDPOINT=prosody:5280

    - name: nginx-proxy-http@dav.localhost.service
      enabled: true
@ -91,7 +91,7 @@ systemd:
        - name: radicale-upstream.conf
          contents: |
            [Service]
-            Environment=UPSTREAM_HOST=radicale UPSTREAM_PORT=5232
+            Environment=UPSTREAM_ENDPOINT=radicale:5232

    - name: nginx-proxy-http@music.localhost.service
      enabled: true
@ -99,7 +99,7 @@ systemd:
        - name: navidrome-upstream.conf
          contents: |
            [Service]
-            Environment=UPSTREAM_HOST=navidrome UPSTREAM_PORT=4533
+            Environment=UPSTREAM_ENDPOINT=navidrome:4533

    - name: nginx-proxy-http@metrics.localhost.service
      enabled: true
@ -107,7 +107,7 @@ systemd:
        - name: grafana-upstream.conf
          contents: |
            [Service]
-            Environment=UPSTREAM_HOST=grafana UPSTREAM_PORT=8080
+            Environment=UPSTREAM_ENDPOINT=grafana:8080

    - name: nginx-proxy-http@gitea.localhost.service
      enabled: true
@ -115,7 +115,7 @@ systemd:
        - name: gitea-upstream.conf
          contents: |
            [Service]
-            Environment=UPSTREAM_HOST=gitea UPSTREAM_PORT=8080
+            Environment=UPSTREAM_ENDPOINT=gitea:8080

    - name: nginx-proxy-http@lldap.localhost.service
      enabled: true
@ -123,7 +123,7 @@ systemd:
        - name: lldap-upstream.conf
          contents: |
            [Service]
-            Environment=UPSTREAM_HOST=lldap UPSTREAM_PORT=8080
+            Environment=UPSTREAM_ENDPOINT=lldap:8080

    - name: letsencrypt-dns-register@localhost.service
      enabled: true
--- a/service/nginx/service/nginx-proxy-http.conf.template
+++ b/service/nginx/service/nginx-proxy-http.conf.template
@ -12,7 +12,7 @@ server {
    ssl_certificate_key /etc/ssl/private/certificates/${SSL_CERT_NAME}.key;

    include resolver.conf;
-    set $upstream_endpoint http://${UPSTREAM_HOST}:${UPSTREAM_PORT};
+    set $upstream_endpoint http://${UPSTREAM_ENDPOINT};

    location / {
        proxy_set_header Host $host;
--- a/service/nginx/systemd/nginx-proxy-http@.service
+++ b/service/nginx/systemd/nginx-proxy-http@.service
@ -7,10 +7,9 @@ After=nginx.service %i.service
 Type=oneshot
 RemainAfterExit=true
 SyslogIdentifier=%N
-Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_HOST=%i UPSTREAM_PORT=8080
+Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_ENDPOINT=%i:8080
 Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
-ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT' \
-                     < ${NGINX_CONF} > /tmp/%i.conf"
+ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_ENDPOINT' < ${NGINX_CONF} > /tmp/%i.conf"
 ExecStartPost=/bin/sh -c 'podman cp /tmp/%i.conf nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
 ExecStartPost=/bin/podman exec nginx nginx -s reload
 ExecStop=/bin/podman exec nginx rm --force /etc/nginx/conf.d/%i.conf