From 2486a94d2198dcd122edf4b13b61062f2c329f80 Mon Sep 17 00:00:00 2001
From: Manav Rathi
Date: Mon, 18 Mar 2024 21:19:42 +0530
Subject: [PATCH 1/6] Add the service the serves status.ente.io
---
infra/services/status/README.md | 39 +++++++++++++++++++++++
infra/services/status/uptime-kuma.conf | 19 +++++++++++
infra/services/status/uptime-kuma.service | 16 ++++++++++
3 files changed, 74 insertions(+)
create mode 100644 infra/services/status/README.md
create mode 100644 infra/services/status/uptime-kuma.conf
create mode 100644 infra/services/status/uptime-kuma.service
diff --git a/infra/services/status/README.md b/infra/services/status/README.md
new file mode 100644
index 0000000000..51166f424a
--- /dev/null
+++ b/infra/services/status/README.md
@@ -0,0 +1,39 @@
+# Status
+
+Our status page ([status.ente.io](https://status.ente.io)) is a self-hosted
+[Uptime Kuma](https://github.com/louislam/uptime-kuma).
+
+## Installing
+
+Install [nginx](../nginx/README.md).
+
+Create a directory where Uptime Kuma will keep its state. This is the directory
+we can optionally backup if we wish to preserve history and settings when moving
+instances in the future.
+
+```sh
+sudo mkdir -p /root/uptime-kuma
+```
+
+Add the service definition and nginx configuration.
+
+```sh
+scp services/status/uptime-kuma.* :
+
+sudo mv uptime-kuma.service /etc/systemd/system/uptime-kuma.service
+sudo mv uptime-kuma.nginx.conf /root/nginx/conf.d
+```
+
+Tell systemd to pick up new service definitions, enable the unit (so that it
+automatically starts on boot), and start it this time around.
+
+```sh
+sudo systemctl daemon-reload
+sudo systemctl enable --now uptime-kuma
+```
+
+Restart nginx
+
+```sh
+sudo systemctl restart nginx
+```
diff --git a/infra/services/status/uptime-kuma.conf b/infra/services/status/uptime-kuma.conf
new file mode 100644
index 0000000000..6c3b08b332
--- /dev/null
+++ b/infra/services/status/uptime-kuma.conf
@@ -0,0 +1,19 @@
+# This file gets loaded in a top level http block by the default nginx.conf
+# See infra/services/nginx/README.md for more details.
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/ssl/certs/cert.pem;
+ ssl_certificate_key /etc/ssl/private/key.pem;
+
+ server_name status.ente.io;
+
+ location / {
+ proxy_pass http://host.docker.internal:3001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/infra/services/status/uptime-kuma.service b/infra/services/status/uptime-kuma.service
new file mode 100644
index 0000000000..11789d8c48
--- /dev/null
+++ b/infra/services/status/uptime-kuma.service
@@ -0,0 +1,16 @@
+[Unit]
+Documentation=https://github.com/louislam/uptime-kuma
+Requires=docker.service
+After=docker.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecStartPre=docker pull louislam/uptime-kuma:1
+ExecStartPre=-docker stop uptime-kuma
+ExecStartPre=-docker rm uptime-kuma
+ExecStart=docker run --name uptime-kuma \
+ -p 3001:3001 \
+ -v /root/uptime-kuma:/app/data \
+ louislam/uptime-kuma:1
From 64c95d239747c8dbd12c66601b953981781a1b6d Mon Sep 17 00:00:00 2001
From: Manav Rathi
Date: Mon, 18 Mar 2024 21:34:24 +0530
Subject: [PATCH 2/6] Tweak formatting
---
infra/services/nginx/README.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/infra/services/nginx/README.md b/infra/services/nginx/README.md
index 6d46b4de18..75c2c77980 100644
--- a/infra/services/nginx/README.md
+++ b/infra/services/nginx/README.md
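Review bot: The `location /` block in uptime-kuma.conf forwards every path to Uptime Kuma, so the admin login that a later patch in this series documents at `https://status.ente.io/dashboard` is served to the whole internet alongside the public status page. Nothing in this server block narrows that, so protection rests entirely on the application's own login; I would record that in the file with a comment such as `# NOTE: this also exposes the admin login (/dashboard); keep 2FA enabled on the Uptime Kuma admin account.` If administrators come from known networks, an `allow`/`deny` pair in a dedicated location is worth considering, though the dashboard appears to share the WebSocket endpoint with the status page, so a path-only rule may not be sufficient on its own.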
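Review bot: `-p 3001:3001` in the `ExecStart` line of uptime-kuma.service publishes the container port on every host interface, so unless something outside this unit filters it, Uptime Kuma is also reachable over plain HTTP on port 3001, bypassing the TLS termination that nginx provides. Binding the publish to the address nginx actually uses would close that path, e.g. `-p <docker-bridge-gateway-ip>:3001:3001 \` (placeholder; it has to be the address `host.docker.internal` resolves to, since a loopback-only bind would likely not be reachable from the nginx container). Separately, `louislam/uptime-kuma:1` is a mutable tag that `ExecStartPre=docker pull` refreshes on every start, so each restart can run an image nobody reviewed; pinning a digest, `louislam/uptime-kuma:1@sha256:<digest>`, makes upgrades deliberate.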
@@ -16,12 +16,16 @@ sudo mv nginx.service /etc/systemd/system/nginx.service Create a directory to house service specific configuration - sudo mkdir -p /root/nginx/conf.d +```sh +sudo mkdir -p /root/nginx/conf.d +``` Add the SSL certificate provided by Cloudflare - sudo tee /root/nginx/cert.pem - sudo tee /root/nginx/key.pem +```sh +sudo tee /root/nginx/cert.pem +sudo tee /root/nginx/key.pem +``` Tell systemd to pick up new service definition, enable it (so that it automatically starts on boot going forward), and start it. From ba896f2f3af50b77e97bce242a1fa68cfb6633d3 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 21:36:01 +0530 Subject: [PATCH 3/6] Match file name convention --- .../services/status/{uptime-kuma.conf => uptime-kuma.nginx.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename infra/services/status/{uptime-kuma.conf => uptime-kuma.nginx.conf} (100%) diff --git a/infra/services/status/uptime-kuma.conf b/infra/services/status/uptime-kuma.nginx.conf similarity index 100% rename from infra/services/status/uptime-kuma.conf rename to infra/services/status/uptime-kuma.nginx.conf From 19724367dfb3c56e72124b9830b9d5793911b009 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 21:45:02 +0530 Subject: [PATCH 4/6] Support nginx configuration reloads --- infra/services/nginx/README.md | 7 ++++--- infra/services/nginx/nginx.service | 2 ++ infra/services/status/README.md | 4 ++-- server/scripts/deploy/README.md | 2 +- server/scripts/deploy/museum.nginx.service | 1 + 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/infra/services/nginx/README.md b/infra/services/nginx/README.md index 75c2c77980..7239a56104 100644 --- a/infra/services/nginx/README.md +++ b/infra/services/nginx/README.md 
@@ -2,7 +2,7 @@ This is a base Nginx service that terminates TLS, and can be used as a reverse proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and -`sudo systemctl restart nginx`. +`sudo systemctl reload nginx`. ## Installation @@ -41,7 +41,7 @@ When adding new services that sit behind Nginx, 1. Add its nginx conf file to `/root/nginx/conf.d` -2. Restart nginx (`sudo systemctl restart nginx`) +2. Restart nginx (`sudo systemctl reload nginx`) ## Configuration files @@ -60,4 +60,5 @@ We can see this in the default configuration of nginx: > docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf This is a [handy tool](https://nginx-playground.wizardzines.com) to check the -syntax of the configuration files. +syntax of the configuration files. Alternatively, you can run `docker exec nginx +nginx -t` on the instance to ask nginx to check the configuration. diff --git a/infra/services/nginx/nginx.service b/infra/services/nginx/nginx.service index 4f772d38dd..958bb6e06a 100644 --- a/infra/services/nginx/nginx.service +++ b/infra/services/nginx/nginx.service @@ -2,6 +2,7 @@ Documentation=https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ Requires=docker.service After=docker.service +Requires=nginx.service [Install] WantedBy=multi-user.target @@ -17,3 +18,4 @@ ExecStart=docker run --name nginx \ -v /root/nginx/key.pem:/etc/ssl/private/key.pem:ro \ -v /root/nginx/conf.d:/etc/nginx/conf.d:ro \ nginx +ExecReload=docker exec nginx nginx -s reload diff --git a/infra/services/status/README.md b/infra/services/status/README.md index 51166f424a..d2e4b55e32 100644 --- a/infra/services/status/README.md +++ b/infra/services/status/README.md @@ -32,8 +32,8 @@ sudo systemctl daemon-reload sudo systemctl enable --now uptime-kuma ``` -Restart nginx +Tell nginx to pick up the new configuration. ```sh -sudo systemctl restart nginx +sudo systemctl reload nginx ``` 
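Review bot: The `Requires=nginx.service` line added to the `[Unit]` section of infra/services/nginx/nginx.service makes the unit depend on itself, which has no useful effect (systemd is expected to drop a self-dependency). The same line added to museum.nginx.service in this commit makes sense there, so this one looks like it was meant for a unit that sits behind nginx, possibly uptime-kuma.service, which does not get it. I would remove it from nginx.service and, if the dependency is wanted, add it to the unit it was intended for.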
diff --git a/server/scripts/deploy/README.md b/server/scripts/deploy/README.md index 04d1212109..35e1ec079f 100644 --- a/server/scripts/deploy/README.md +++ b/server/scripts/deploy/README.md @@ -87,7 +87,7 @@ To bring up an additional museum node: scp scripts/deploy/museum.nginx.conf : sudo mv museum.nginx.conf /root/nginx/conf.d - sudo systemctl restart nginx + sudo systemctl reload nginx ## Starting diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service index 73cdd3ff1c..566c6c0486 100644 --- a/server/scripts/deploy/museum.nginx.service +++ b/server/scripts/deploy/museum.nginx.service @@ -2,6 +2,7 @@ Documentation=https://github.com/ente-io/ente/tree/main/server#readme Requires=docker.service After=docker.service +Requires=nginx.service [Service] Restart=on-failure From 9fe8d1fd531d1293e5cb907abb92ccbaf7a4a44e Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Mon, 18 Mar 2024 21:56:39 +0530 Subject: [PATCH 5/6] Add recommended headers --- infra/services/status/README.md | 2 +- infra/services/status/uptime-kuma.nginx.conf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/infra/services/status/README.md b/infra/services/status/README.md index d2e4b55e32..b9da80092d 100644 --- a/infra/services/status/README.md +++ b/infra/services/status/README.md @@ -20,7 +20,7 @@ Add the service definition and nginx configuration. ```sh scp services/status/uptime-kuma.* : -sudo mv uptime-kuma.service /etc/systemd/system/uptime-kuma.service +sudo mv uptime-kuma.service /etc/systemd/system/ sudo mv uptime-kuma.nginx.conf /root/nginx/conf.d ``` diff --git a/infra/services/status/uptime-kuma.nginx.conf b/infra/services/status/uptime-kuma.nginx.conf index 6c3b08b332..2f5b6ecc4e 100644 --- a/infra/services/status/uptime-kuma.nginx.conf +++ b/infra/services/status/uptime-kuma.nginx.conf 
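Review bot: `Requires=nginx.service` in the `[Unit]` section of museum.nginx.service couples the two units more tightly than a reverse-proxy relationship needs: with `Requires=`, explicitly stopping or restarting nginx.service also stops or restarts museum, so an nginx restart takes the API down with it. If the intent is only that nginx is brought up alongside museum, `Wants=nginx.service` expresses that without the propagation. `Requires=` also does not order the units; if museum is meant to start after nginx, an `After=nginx.service` is needed as well, as the file already does for docker.service.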
@@ -15,5 +15,11 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + + # Recommended options from Uptime Kuma Wiki + # https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } } From f6e575885d9bb3f883f26cb3c3c8364f500c0f01 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Tue, 19 Mar 2024 05:38:02 +0530 Subject: [PATCH 6/6] Note the dashboard URL --- infra/services/status/README.md | 4 ++++ infra/services/status/uptime-kuma.nginx.conf | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/infra/services/status/README.md b/infra/services/status/README.md index b9da80092d..78d12001e2 100644 --- a/infra/services/status/README.md +++ b/infra/services/status/README.md @@ -37,3 +37,7 @@ Tell nginx to pick up the new configuration. ```sh sudo systemctl reload nginx ``` + +## Administration + +Login into the [dashboard](https://status.ente.io/dashboard) for administration. diff --git a/infra/services/status/uptime-kuma.nginx.conf b/infra/services/status/uptime-kuma.nginx.conf index 2f5b6ecc4e..c45c7b6606 100644 --- a/infra/services/status/uptime-kuma.nginx.conf +++ b/infra/services/status/uptime-kuma.nginx.conf @@ -16,7 +16,8 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - # Recommended options from Uptime Kuma Wiki + # Recommended options from Uptime Kuma Wiki for Websockets. + # # https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade;
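Review bot: `proxy_set_header Connection "upgrade";` in the `location /` block of uptime-kuma.nginx.conf is sent on every proxied request, not only on WebSocket handshakes, so ordinary page and API requests also reach Uptime Kuma carrying an upgrade hint. The usual nginx pattern keys it on the client's header: `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` above the `server` block (the file is loaded in the http context, per its header comment) and `proxy_set_header Connection $connection_upgrade;` here. The `location` block opens outside this hunk.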