nginx: Move back to separate UPSTREAM variables

This commit moves the `nginx-proxy-http` service back to separate
`UPSTREAM_HOST`, `UPSTREAM_PORT`, and `UPSTREAM_PATH` variables, which
allows for more granular configuration, e.g. `proxy_redirect` patterns.

host/virtual/spec.bu

@@ -83,7 +83,7 @@ systemd:
         - name: prosody-upstream.conf
           contents: |
             [Service]
-            Environment=UPSTREAM_ENDPOINT=prosody:5280
+            Environment=UPSTREAM_HOST=prosody UPSTREAM_PORT=5280
 
     - name: nginx-proxy-http@dav.localhost.service
       enabled: true
@@ -91,7 +91,7 @@ systemd:
         - name: radicale-upstream.conf
           contents: |
             [Service]
-            Environment=UPSTREAM_ENDPOINT=radicale:5232
+            Environment=UPSTREAM_HOST=radicale UPSTREAM_PORT=5232
 
     - name: nginx-proxy-http@music.localhost.service
       enabled: true
@@ -99,7 +99,7 @@ systemd:
         - name: navidrome-upstream.conf
           contents: |
             [Service]
-            Environment=UPSTREAM_ENDPOINT=navidrome:4533
+            Environment=UPSTREAM_HOST=navidrome UPSTREAM_PORT=4533
 
     - name: nginx-proxy-http@metrics.localhost.service
       enabled: true
@@ -107,7 +107,7 @@ systemd:
         - name: grafana-upstream.conf
           contents: |
             [Service]
-            Environment=UPSTREAM_ENDPOINT=grafana:8080
+            Environment=UPSTREAM_HOST=grafana UPSTREAM_PORT=8080
 
     - name: nginx-proxy-http@gitea.localhost.service
       enabled: true
@@ -115,7 +115,7 @@ systemd:
         - name: gitea-upstream.conf
           contents: |
             [Service]
-            Environment=UPSTREAM_ENDPOINT=gitea:8080
+            Environment=UPSTREAM_HOST=gitea UPSTREAM_PORT=8080
 
     - name: nginx-proxy-http@lldap.localhost.service
       enabled: true
@@ -123,7 +123,7 @@ systemd:
         - name: lldap-upstream.conf
           contents: |
             [Service]
-            Environment=UPSTREAM_ENDPOINT=lldap:8080
+            Environment=UPSTREAM_HOST=lldap UPSTREAM_PORT=8080
 
     - name: letsencrypt-dns-register@localhost.service
       enabled: true

service/nginx/service/nginx-proxy-http.conf.template

@@ -12,13 +12,15 @@ server {
     ssl_certificate_key /etc/ssl/private/certificates/${SSL_CERT_NAME}.key;
 
     include resolver.conf;
-    set $upstream_endpoint http://${UPSTREAM_ENDPOINT};
+    set $upstream_endpoint http://${UPSTREAM_HOST}:${UPSTREAM_PORT}${UPSTREAM_PATH};
 
     location / {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_pass $upstream_endpoint;
+        proxy_pass $upstream_endpoint$request_uri;
+        proxy_redirect http://$upstream_endpoint /;
+        proxy_redirect http://${SERVER_NAME}:${UPSTREAM_PORT}${UPSTREAM_PATH} /;
     }
 }

service/nginx/systemd/nginx-proxy-http@.service

@@ -7,9 +7,9 @@ After=nginx.service %i.service
 Type=oneshot
 RemainAfterExit=true
 SyslogIdentifier=%N
-Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_ENDPOINT=%i:8080
+Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_HOST=%i UPSTREAM_PORT=8080 UPSTREAM_PATH=
 Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
-ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_ENDPOINT' < ${NGINX_CONF} > /tmp/%i.conf"
+ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT $UPSTREAM_PATH' < ${NGINX_CONF} > /tmp/%i.conf"
 ExecStartPost=/bin/sh -c 'podman cp /tmp/%i.conf nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
 ExecStartPost=/bin/podman exec nginx nginx -s reload
 ExecStop=/bin/podman exec nginx rm --force /etc/nginx/conf.d/%i.conf