Unverified Commit 4c18ccc9 authored by Kerstin's avatar Kerstin Committed by GitHub

nixos/mobilizon: update nginx config, mobilizon: fix media proxy (#374273)

parents 6a41cfea 92dfde3d
+47 −44
@@ -5,9 +5,17 @@
  ...
}:

with lib;

let
  inherit (lib)
    mkEnableOption
    mkPackageOption
    mkOption
    mkDefault
    mkIf
    types
    literalExpression
    ;

  cfg = config.services.mobilizon;

  user = "mobilizon";
@@ -20,17 +28,13 @@ let
  # Make a package containing launchers with the correct envirenment, instead of
  # setting it with systemd services, so that the user can also use them without
  # troubles
  launchers = pkgs.stdenv.mkDerivation rec {
    pname = "${cfg.package.pname}-launchers";
    inherit (cfg.package) version;

  launchers =
    pkgs.runCommand "${cfg.package.pname}-launchers-${cfg.package.version}"
      {
        src = cfg.package;

        nativeBuildInputs = with pkgs; [ makeWrapper ];

    dontBuild = true;

    installPhase = ''
      }
      ''
        mkdir -p $out/bin

        makeWrapper \
@@ -47,7 +51,6 @@ let
          --set MOBILIZON_CONFIG_PATH "${configFile}" \
          --set-default RELEASE_TMP "/tmp"
      '';
  };

  repoSettings = cfg.settings.":mobilizon"."Mobilizon.Storage.Repo";
  instanceSettings = cfg.settings.":mobilizon".":instance";
@@ -424,32 +427,32 @@ in
        virtualHosts."${hostname}" = {
          enableACME = lib.mkDefault true;
          forceSSL = lib.mkDefault true;
          extraConfig = ''
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
          locations."/" = {
            inherit proxyPass;
            proxyWebsockets = true;
            recommendedProxySettings = lib.mkDefault true;
            extraConfig = ''
              expires off;
              add_header Cache-Control "public, max-age=0, s-maxage=0, must-revalidate" always;
            '';
          };
          locations."~ ^/(js|css|img)" = {
          locations."~ ^/(assets|img)" = {
            root = "${cfg.package}/lib/mobilizon-${cfg.package.version}/priv/static";
            extraConfig = ''
              etag off;
              access_log off;
              add_header Cache-Control "public, max-age=31536000, immutable";
              add_header Cache-Control "public, max-age=31536000, s-maxage=31536000, immutable";
            '';
          };
          locations."~ ^/(media|proxy)" = {
            inherit proxyPass;
            recommendedProxySettings = lib.mkDefault true;
            # Combination of HTTP/1.1 and disabled request buffering is
            # needed to directly forward chunked responses
            extraConfig = ''
              etag off;
              proxy_http_version 1.1;
              proxy_request_buffering off;
              access_log off;
              add_header Cache-Control "public, max-age=31536000, immutable";
              add_header Cache-Control "public, max-age=31536000, s-maxage=31536000, immutable";
            '';
          };
        };
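Review bot: The comment above `extraConfig` in the `~ ^/(media|proxy)` location says disabling request buffering is needed to forward chunked responses, but `proxy_request_buffering` only controls how nginx handles the client's request body; response buffering is governed by `proxy_buffering`. I would reword the comment to match what the directives do, for example `# HTTP/1.1 towards the upstream; proxy_request_buffering off streams request bodies, it does not affect responses`, or switch the directive if unbuffered responses are what is wanted. `access_log off;` also appears to remain in this location, which leaves no nginx-side record of requests to the endpoint that relays remotely fetched media; keeping the log on there would help when investigating abuse of the proxy. Old and new lines are not marked on this page, so which of the listed directives survive is inferred.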
+1 −1
@@ -621,7 +621,7 @@ in {
  misc = handleTest ./misc.nix {};
  misskey = handleTest ./misskey.nix {};
  mjolnir = handleTest ./matrix/mjolnir.nix {};
  mobilizon = handleTest ./mobilizon.nix {};
  mobilizon = runTest ./mobilizon.nix;
  mod_perl = handleTest ./mod_perl.nix {};
  molly-brown = handleTest ./molly-brown.nix {};
  mollysocket = handleTest ./mollysocket.nix { };
+38 −40
import ./make-test-python.nix (
{ lib, ... }:
let
  certs = import ./common/acme/server/snakeoil-certs.nix;
@@ -46,4 +45,3 @@ import ./make-test-python.nix (
    server.succeed("curl --fail https://${mobilizonDomain}/")
  '';
}
)
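Review bot: The only request visible in this test is `server.succeed("curl --fail https://${mobilizonDomain}/")`, which does not pass through the `/media` or `/proxy` locations this commit changes. If the part of the script outside this hunk has no such request either, the nginx rejection of `Content-Length` sent together with `Transfer-Encoding` could regress unnoticed; fetching one media or proxy URL through nginx with `curl --fail` would cover it. The test body starts outside the visible lines.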
+19 −0
diff --git a/lib/web/proxy/reverse_proxy.ex b/lib/web/proxy/reverse_proxy.ex
index 8a78ef27..788ccc30 100644
--- a/lib/web/proxy/reverse_proxy.ex
+++ b/lib/web/proxy/reverse_proxy.ex
@@ -187,9 +187,13 @@ defmodule Mobilizon.Web.ReverseProxy do
   @spec response(Plug.Conn.t(), any(), String.t(), pos_integer(), list(tuple()), Keyword.t()) ::
           Plug.Conn.t()
   defp response(conn, client, url, status, headers, opts) do
+    headers = build_resp_headers(headers, opts)
+    # Fix HTTP/1.1 protocol violation: content-length can't be combined with chunked encoding
+    headers = Enum.reject(headers, fn {k, _} -> k == "content-length" end)
+
     result =
       conn
-      |> put_resp_headers(build_resp_headers(headers, opts))
+      |> put_resp_headers(headers)
       |> send_chunked(status)
       |> chunk_reply(client, opts)
 
 No newline at end of file
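Review bot: The added filter `k == "content-length"` is an exact, case-sensitive match, so it relies on `build_resp_headers/2` returning lower-cased header names, which is not visible in this hunk. If that is not guaranteed, a `Content-Length` header in another casing would still be sent alongside chunked encoding and nginx would keep rejecting the response; `Enum.reject(headers, fn {k, _} -> String.downcase(k) == "content-length" end)` removes that dependency. The body of `response/6` continues outside the hunk.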
+13 −4
@@ -19,10 +19,19 @@ in
mixRelease rec {
  inherit (common) pname version src;

  patches = [
    # Version 5.1.1 failed to bump their internal package version,
    # which causes issues with static file serving in the NixOS module.
    # See https://github.com/NixOS/nixpkgs/pull/370277
  patches = [ ./0001-fix-version.patch ];
    ./0001-fix-version.patch
    # Mobilizon uses chunked Transfer-Encoding for the media proxy but also
    # sets the Content-Length header. This is a HTTP/1.1 protocol violation
    # and results in nginx >=1.24 rejecting the response with this error:
    # 'upstream sent "Content-Length" and "Transfer-Encoding" headers at the same
    # time while reading response header from upstream'
    # Upstream PR: https://framagit.org/framasoft/mobilizon/-/merge_requests/1604
    ./0002-fix-media-proxy.patch
  ];

  nativeBuildInputs = [
    git