Nginx proxy for Urbit in NixOS

I am running my #Urbit ship on Digital Ocean using #NixOS .

Took me quite a bit of time to figure the actual settings to use for Nginx to forward HTTPS to the port 8080 that vere uses. For some reason, default settings were causing the whole UI to misbehave completely: keep showing nonsense, disconnect etc. I finally found a working setup by asking around, googling and just trail and error.

In case you're interested, here are the settings that worked for me. TLS is set up using Let's Encrypt, terminated in Nginx, HTTP is redirected to HTTPs and HTTPs goes to vere.

    services.nginx.enable = true;
    services.nginx.recommendedOptimisation = true;
    services.nginx.recommendedProxySettings = true;
    services.nginx.recommendedGzipSettings = true;
    services.nginx.recommendedTlsSettings = true;

    services.nginx.virtualHosts."napzod-dopzod.arvo.network" = {
        forceSSL = true;
        enableACME = true;
        http2 = false;
        locations."/" = {
            proxyWebsockets = true;
            proxyPass = "http://127.0.0.1:8080";
            extraConfig = ''
              # required when the target is also TLS server with multiple hosts
              proxy_ssl_server_name on;
              # required when the server wants to use HTTP Authentication
              proxy_pass_header Authorization;
              chunked_transfer_encoding off; 
              proxy_buffering off; 
              proxy_cache off; 
            '' + "proxy_set_header Connection '';"; 
        };
    };

    security.acme.certs = {
      "napzod-dopzod.arvo.network".email = "[email protected]";
    };

I have not attempted to minimize these settings, so I don't know which ones are actually necessary.

I am still running vere in a lame way: by starting it in tmux session, since I don't have a working Nix recipe for it yet. If you do, make sure to submit a PR to Nixpkgs so we can all benefit.