flake.nix

@@ -72,12 +72,6 @@
                 default = true;
                 description = "Whether to use Nginx to proxy requests.";
               };
-              useHostTls = lib.mkOption {
-                type = lib.types.bool;
-                default = false;
-                description =
-                  "Whether virtual host should enable NixOS ACME certs";
-              };
             };
             config.users = lib.mkIf cfg.enable {
               groups."${backendName}" = { };
@@ -105,23 +99,24 @@
                   Group = "${backendName}";
                 };
             };
-            config.services.nginx.virtualHosts.${cfg.host} = {
+            config.services.nginx.virtualHosts.${cfg.host}.locations."/api" =
-              forceSSL = cfg.useHostTls;
+              lib.mkIf cfg.enable {
-              enableACME = cfg.useHostTls;
-              locations."/api" = lib.mkIf cfg.enable {
                 proxyPass = "http://127.0.0.1:${toString cfg.port}";
                 # this is config for websocket
-                proxyWebsockets = true;
                 extraConfig = ''
                   rewrite ^/api/(.*)$ /$1 break;
                   proxy_set_header Host $host;
                   proxy_set_header X-Real-IP $remote_addr;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header X-Forwarded-Proto $scheme;
+
+                  # Add the following lines for WebSocket support
+                  proxy_http_version 1.1;
+                  proxy_set_header Upgrade $http_upgrade;
+                  proxy_set_header Connection "upgrade";
                 '';
               };
           };
-          };
       });
   # see https://serokell.io/blog/practical-nix-flakes
 }