From 1f8156e868fdfd6b6ae1bae12c596e6e8ed5e118 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Mon, 26 Aug 2024 13:07:59 -0400 Subject: [PATCH] Move most Nginx proxies to the individual services --- flake.nix | 8 +- home-manager/jimbo_desktop.nix | 4 +- home-manager/tuiapps/ranger.nix | 2 +- nixos/desktop.nix | 2 +- nixos/server.nix | 2 +- nixos/server/element.nix | 15 ++- nixos/server/gitea.nix | 50 ++++++---- nixos/server/lemmy.nix | 38 +++++--- nixos/server/mailserver.nix | 10 ++ nixos/server/nextcloud.nix | 63 +++++++----- nixos/server/nginx.nix | 163 +++++--------------------------- nixos/server/owncast.nix | 24 +++-- nixos/server/pufferpanel.nix | 48 ++++++---- nixos/server/synapse.nix | 31 +++++- nixos/server/tandoor.nix | 20 +++- nixos/server/vaultwarden.nix | 50 ++++++---- 16 files changed, 267 insertions(+), 263 deletions(-) diff --git a/flake.nix b/flake.nix index 902f856..59c55ce 100644 --- a/flake.nix +++ b/flake.nix @@ -50,13 +50,13 @@ # NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { - JimNixDesktop = nixpkgs.lib.nixosSystem { + JimDesktop = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs;}; modules = [ ./nixos/desktop.nix ]; }; - JimNixServer = nixpkgs.lib.nixosSystem { + JimServer = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs;}; modules = [ ./nixos/server.nix @@ -68,7 +68,7 @@ # Standalone home-manager configuration entrypoint # Available through 'home-manager --flake .#your-username@your-hostname' homeConfigurations = { - "jimbo@JimNixDesktop" = home-manager.lib.homeManagerConfiguration { + "jimbo@JimDesktop" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = {inherit inputs outputs;}; modules = [ @@ -76,7 +76,7 @@ nur.nixosModules.nur ]; }; - "jimbo@JimNixServer" = home-manager.lib.homeManagerConfiguration { + "jimbo@JimServer" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = {inherit inputs outputs;}; modules = [ diff --git a/home-manager/jimbo_desktop.nix b/home-manager/jimbo_desktop.nix index b246304..d99c9fa 100644 --- a/home-manager/jimbo_desktop.nix +++ b/home-manager/jimbo_desktop.nix @@ -44,8 +44,8 @@ auth = import ./common/auth.nix; in { nixdate = '' - ${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimNixDesktop; - home-manager switch --flake /etc/nixos/.#jimbo@JimNixDesktop; + ${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimDesktop; + home-manager switch --flake /etc/nixos/.#jimbo@JimDesktop; notify-send "NixOS switch finished." ''; }; diff --git a/home-manager/tuiapps/ranger.nix b/home-manager/tuiapps/ranger.nix index 81fe1e9..f64a6a5 100644 --- a/home-manager/tuiapps/ranger.nix +++ b/home-manager/tuiapps/ranger.nix @@ -78,7 +78,7 @@ command = ''wine "$1"''; } { - condition = ''ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz|iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip, has 7z''; + condition = ''ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz|iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip|zst, has 7z''; command = ''7z x -- "$@"''; } { diff --git a/nixos/desktop.nix b/nixos/desktop.nix index 2f491e8..98cf6d3 100644 --- a/nixos/desktop.nix +++ b/nixos/desktop.nix @@ -31,5 +31,5 @@ ./services/mpd.nix ]; - networking.hostName = "JimNixDesktop"; + networking.hostName = "JimDesktop"; } diff --git a/nixos/server.nix b/nixos/server.nix index d876075..938c8f9 100644 --- a/nixos/server.nix +++ b/nixos/server.nix @@ -40,5 +40,5 @@ ]; services.openssh.ports = [ 2222 ]; - networking.hostName = "JimNixServer"; + networking.hostName = "JimServer"; } diff --git a/nixos/server/element.nix b/nixos/server/element.nix index 1319ef9..723a47a 100644 --- a/nixos/server/element.nix +++ b/nixos/server/element.nix @@ -1,8 +1,8 @@ -{ +let + secrets = import ../modules/secrets.nix; +in { # Configure the Element web server - nixpkgs.config.element-web.conf = let - secrets = import ../modules/secrets.nix; - in { + nixpkgs.config.element-web.conf { default_server_config = { "m.homeserver" = { base_url = "https://matrix.${secrets.jimDomain}"; @@ -20,4 +20,11 @@ disable_guests = true; default_theme = "dark"; }; + + # Serve the Element page over Nginx + services.nginx.virtualHosts."chat.${secrets.jimDomain}" = { + enableACME = true; + addSSL = true; + root = "${pkgs.element-web}"; + }; } diff --git a/nixos/server/gitea.nix b/nixos/server/gitea.nix index 40014e4..2159208 100644 --- a/nixos/server/gitea.nix +++ b/nixos/server/gitea.nix @@ -1,25 +1,35 @@ -{ - services.gitea = let - secrets = import ../modules/secrets.nix; - in { - enable = true; - settings = { - server = { - DOMAIN = "git.${secrets.jimDomain}"; - ROOT_URL = "https://git.${secrets.jimDomain}:443"; - HTTP_PORT = 3110; - SSH_PORT = 2299; - START_SSH_SERVER = true; +let + secrets = import ../modules/secrets.nix; +in { + services = { + gitea = { + enable = true; + settings = { + server = { + DOMAIN = "git.${secrets.jimDomain}"; + ROOT_URL = "https://git.${secrets.jimDomain}:443"; + HTTP_PORT = 3110; + SSH_PORT = 2299; + START_SSH_SERVER = true; + }; + mailer = { + ENABLED = true; + SMTP_ADDR = "mx.${secrets.jimDomain}"; + FROM = "Jimbo's Git "; + USER = "noreply@${secrets.jimDomain}"; + PASSWD = secrets.noreplyPassword; + PROTOCOL = "smtps"; + }; + service.REGISTER_EMAIL_CONFIRM = true; }; - mailer = { - ENABLED = true; - SMTP_ADDR = "mx.${secrets.jimDomain}"; - FROM = "Jimbo's Git "; - USER = "noreply@${secrets.jimDomain}"; - PASSWD = secrets.noreplyPassword; - PROTOCOL = "smtps"; + }; + nginx.virtualHosts."git.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3110"; + proxyWebsockets = true; }; - service.REGISTER_EMAIL_CONFIRM = true; }; }; } diff --git a/nixos/server/lemmy.nix b/nixos/server/lemmy.nix index a54fbf2..21d7d79 100644 --- a/nixos/server/lemmy.nix +++ b/nixos/server/lemmy.nix @@ -1,19 +1,27 @@ -{ - services.lemmy = let - secrets = import ../modules/secrets.nix; - in { - enable = true; - nginx.enable = true; - database.createLocally = true; - settings = { - hostname = "lemmy.${secrets.jimDomain}"; - email = { - smtp_server = "mx.${secrets.jimDomain}:587"; - smtp_login = "noreply@${secrets.jimDomain}"; - smtp_from_address = "Jimbo's Lemmy "; - smtp_password = secrets.noreplyPassword; - tls_type = "starttls"; +let + secrets = import ../modules/secrets.nix; +in { + services = { + lemmy { + enable = true; + nginx.enable = true; + database.createLocally = true; + settings = { + hostname = "lemmy.${secrets.jimDomain}"; + email = { + smtp_server = "mx.${secrets.jimDomain}:587"; + smtp_login = "noreply@${secrets.jimDomain}"; + smtp_from_address = "Jimbo's Lemmy "; + smtp_password = secrets.noreplyPassword; + tls_type = "starttls"; + }; }; }; + + # Add SSL to webpage + nginx.virtualHosts."lemmy.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + }; }; } diff --git a/nixos/server/mailserver.nix b/nixos/server/mailserver.nix index 44177cd..30e8fb0 100644 --- a/nixos/server/mailserver.nix +++ b/nixos/server/mailserver.nix @@ -50,5 +50,15 @@ in rec { # Force the mailserver to use a different redis port redis.servers.rspamd.port = 1515; + + # The hostname mail ports use + nginx.virtualHosts."mx.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:1390"; + proxyWebsockets = true; + }; + }; }; } diff --git a/nixos/server/nextcloud.nix b/nixos/server/nextcloud.nix index 2aeaf11..f8f2116 100644 --- a/nixos/server/nextcloud.nix +++ b/nixos/server/nextcloud.nix @@ -1,30 +1,47 @@ {pkgs, ...}: let secrets = import ../modules/secrets.nix; in { - services.nextcloud = { - enable = true; - package = pkgs.nextcloud29; - hostName = "cloud.${secrets.jimDomain}"; - datadir = "/mnt/nextcloud"; - https = true; - config = { - adminuser = "jimbo"; - adminpassFile = "/mnt/nextcloud/password.txt"; - }; - settings = { - trusted_proxies = [ "127.0.0.1" ]; - trusted_domains = [ "cloud.${secrets.jimDomain}" ]; - overwriteprotocol = "https"; + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud29; + hostName = "cloud.${secrets.jimDomain}"; + datadir = "/mnt/nextcloud"; + https = true; + config = { + adminuser = "jimbo"; + adminpassFile = "/mnt/nextcloud/password.txt"; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + trusted_domains = [ "cloud.${secrets.jimDomain}" ]; + overwriteprotocol = "https"; - # Mailserver settings - mail_smtphost = "mx.${secrets.jimDomain}"; - mail_domain = "${secrets.jimDomain}"; - mail_from_address = "noreply"; - mail_smtpauth = "true"; - mail_smtpname = "noreply@${secrets.jimDomain}"; - mail_smtppassword = secrets.noreplyPassword; - mail_smtpmode = "smtp"; - mail_smtpport = 587; + # Mailserver settings + mail_smtphost = "mx.${secrets.jimDomain}"; + mail_domain = "${secrets.jimDomain}"; + mail_from_address = "noreply"; + mail_smtpauth = "true"; + mail_smtpname = "noreply@${secrets.jimDomain}"; + mail_smtppassword = secrets.noreplyPassword; + mail_smtpmode = "smtp"; + mail_smtpport = 587; + }; + }; + nginx.virtualHosts."cloud.${secrets.jimDomain}" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + extraConfig = " + location /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + "; + }; }; }; } diff --git a/nixos/server/nginx.nix b/nixos/server/nginx.nix index 8cca4f8..e934fbd 100644 --- a/nixos/server/nginx.nix +++ b/nixos/server/nginx.nix @@ -15,68 +15,31 @@ "${secrets.jimDomain}" = { enableACME = true; addSSL = true; - root = "/var/www/jimweb"; + root = "/var/www/jimweb"; locations = { - "/.well-known/matrix/client" = { - extraConfig = '' + "/.well-known/matrix/client" = { + extraConfig = '' + default_type application/json; + return 200 ' + { + "m.homeserver": { + "base_url": "https://matrix.${secrets.jimDomain}" + }, + "m.identity_server": { + "base_url": "https://matrix.org" + }, + "org.matrix.msc3575.proxy": { + "url": "https://matrix.${secrets.jimDomain}" + } + }'; + ''; + }; + "/.well-known/matrix/server" = { + extraConfig = '' default_type application/json; - return 200 ' - { - "m.homeserver": { - "base_url": "https://matrix.${secrets.jimDomain}" - }, - "m.identity_server": { - "base_url": "https://matrix.org" - }, - "org.matrix.msc3575.proxy": { - "url": "https://matrix.${secrets.jimDomain}" - } - }'; - ''; - }; - "/.well-known/matrix/server" = { - extraConfig = '' - default_type application/json; - return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}'; - ''; - }; - }; - }; - - # Nextcloud Proxy - "cloud.${secrets.jimDomain}" = { - enableACME = true; - addSSL = true; - locations."/" = { - proxyWebsockets = true; - extraConfig = " - location /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - "; - }; - }; - - # Vaultwarden Proxy - "warden.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8222"; - proxyWebsockets = true; - }; - }; - - # Recipes Proxy - "recipes.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:5030"; - proxyWebsockets = true; + return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}'; + ''; + }; }; }; @@ -90,56 +53,6 @@ }; }; - # Gitea Proxy - "git.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3110"; - proxyWebsockets = true; - }; - }; - - # Pufferpanel Proxy - "panel.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:5010"; - proxyWebsockets = true; - }; - }; - - # Matrix Proxy - "matrix.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations = { - "/".extraConfig = ''return 403;''; - "/client".proxyPass = "http://127.0.0.1:8009"; - "/_matrix".proxyPass = "http://127.0.0.1:8008"; - "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009"; - "/_synapse/client".proxyPass = "http://127.0.0.1:8008"; - }; - }; - - # Element Proxy - "chat.${secrets.jimDomain}" = { - enableACME = true; - addSSL = true; - root = "${pkgs.element-web}"; - }; - - # Coturn Proxy - "turn.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - listen = [ - { addr = "0.0.0.0"; port = 80; ssl = false; } - ]; - locations."/".proxyPass = "http://127.0.0.1:1380"; - }; - # Radio Proxy "radio.${secrets.jimDomain}" = { enableACME = true; @@ -147,34 +60,8 @@ locations."/" = { proxyPass = "http://127.0.0.1:255"; proxyWebsockets = true; - }; - }; - - # Streaming proxy - "live.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8060"; - proxyWebsockets = true; }; }; - - # Mail certificate proxy - "mx.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:1390"; - proxyWebsockets = true; - }; - }; - - # Add SSL to Lemmy - "lemmy.${secrets.jimDomain}" = { - enableACME = true; - forceSSL = true; - }; }; appendConfig = '' rtmp { @@ -197,10 +84,8 @@ ''; }; - # Force Nginx to work and be able to read+write the hls path - security.pam.services.nginx.setEnvironment = false; + # Allow Nginx to read and write to paths systemd.services.nginx.serviceConfig = { - SupplementaryGroups = [ "shadow" ]; ReadWritePaths = [ "/var/www/jimweb/streams/hls/" ]; }; } diff --git a/nixos/server/owncast.nix b/nixos/server/owncast.nix index ba4d842..ebe5dc5 100644 --- a/nixos/server/owncast.nix +++ b/nixos/server/owncast.nix @@ -1,8 +1,20 @@ -{ - services.owncast = { - enable = true; - port = 8060; - rtmp-port = 1945; - listen = "0.0.0.0"; +let + secrets = import ../modules/secrets.nix; +in { + services = { + owncast = { + enable = true; + port = 8060; + rtmp-port = 1945; + listen = "0.0.0.0"; + }; + nginx.virtualHosts."live.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8060"; + proxyWebsockets = true; + }; + }; }; } diff --git a/nixos/server/pufferpanel.nix b/nixos/server/pufferpanel.nix index dc308f6..290375e 100644 --- a/nixos/server/pufferpanel.nix +++ b/nixos/server/pufferpanel.nix @@ -1,23 +1,33 @@ -{pkgs, lib, ...}: { - services.pufferpanel = let - secrets = import ../modules/secrets.nix; - in { - enable = true; - environment = { - PUFFER_WEB_HOST = ":5010"; - PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}"; - PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; - PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587"; - PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}"; - PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}"; - PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; +{pkgs, lib, ...}: let + secrets = import ../modules/secrets.nix; +in { + services = { + pufferpanel = { + enable = true; + environment = { + PUFFER_WEB_HOST = ":5010"; + PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; + PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587"; + PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; + }; + extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; + package = pkgs.buildFHSEnv { + name = "pufferpanel-fhs"; + meta.mainProgram = "pufferpanel-fhs"; + runScript = lib.getExe pkgs.pufferpanel; + targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ]; + }; }; - extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; - package = pkgs.buildFHSEnv { - name = "pufferpanel-fhs"; - meta.mainProgram = "pufferpanel-fhs"; - runScript = lib.getExe pkgs.pufferpanel; - targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ]; + nginx.virtualHosts."panel.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:5010"; + proxyWebsockets = true; + }; }; }; } diff --git a/nixos/server/synapse.nix b/nixos/server/synapse.nix index 46aac9a..1b76a42 100644 --- a/nixos/server/synapse.nix +++ b/nixos/server/synapse.nix @@ -1,7 +1,7 @@ -{pkgs, config, ...}: { - services = let - secrets = import ../modules/secrets.nix; - in { +{pkgs, config, ...}: let + secrets = import ../modules/secrets.nix; +in { + services = { # Synapse Matrix server matrix-synapse = with config.services.coturn; { enable = true; @@ -92,5 +92,28 @@ cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem"; pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem"; }; + + # Nginx + nginx.virtualHosts = { + "matrix.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations = { + "/".extraConfig = ''return 403;''; + "/client".proxyPass = "http://127.0.0.1:8009"; + "/_matrix".proxyPass = "http://127.0.0.1:8008"; + "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009"; + "/_synapse/client".proxyPass = "http://127.0.0.1:8008"; + }; + }; + "turn.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + listen = [ + { addr = "0.0.0.0"; port = 80; ssl = false; } + ]; + locations."/".proxyPass = "http://127.0.0.1:1380"; + }; + }; }; } diff --git a/nixos/server/tandoor.nix b/nixos/server/tandoor.nix index 77027f7..afa3d46 100644 --- a/nixos/server/tandoor.nix +++ b/nixos/server/tandoor.nix @@ -1,6 +1,18 @@ -{ - services.tandoor-recipes = { - enable = true; - port = 5030; +let + secrets = import ../modules/secrets.nix; +in { + services = { + tandoor-recipes = { + enable = true; + port = 5030; + }; + nginx.virtualHosts."recipes.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:5030"; + proxyWebsockets = true; + }; + }; }; } diff --git a/nixos/server/vaultwarden.nix b/nixos/server/vaultwarden.nix index 789bbd9..34c5000 100644 --- a/nixos/server/vaultwarden.nix +++ b/nixos/server/vaultwarden.nix @@ -1,24 +1,34 @@ -{ - services.vaultwarden = let - secrets = import ../modules/secrets.nix; - in { - enable = true; - config = { - DOMAIN = "https://warden.${secrets.jimDomain}"; - SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - ROCKET_LOG = "critical"; +let + secrets = import ../modules/secrets.nix; +in { + services = { + vaultwarden = { + enable = true; + config = { + DOMAIN = "https://warden.${secrets.jimDomain}"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + ROCKET_LOG = "critical"; - # Smtp email - SMTP_HOST = "mx.${secrets.jimDomain}"; - SMTP_FROM = "Jimbo's Vaultwarden "; - SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = "noreply@${secrets.jimDomain}"; - SMTP_PASSWORD = secrets.noreplyPassword; - SMTP_SECURITY = "starttls"; - SMTP_PORT = 587; - SMTP_TIMEOUT = 15; + # Smtp email + SMTP_HOST = "mx.${secrets.jimDomain}"; + SMTP_FROM = "Jimbo's Vaultwarden "; + SMTP_FROM_NAME = "Vaultwarden"; + SMTP_USERNAME = "noreply@${secrets.jimDomain}"; + SMTP_PASSWORD = secrets.noreplyPassword; + SMTP_SECURITY = "starttls"; + SMTP_PORT = 587; + SMTP_TIMEOUT = 15; + }; + }; + nginx.virtualHosts."warden.${secrets.jimDomain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8222"; + proxyWebsockets = true; + }; }; }; }