#!/usr/bin/env bash set -euo pipefail NGINX_CONF="${NGINX_CONF:-/etc/nginx/nginx.conf}" LLM_PROXY_PATH="${LLM_PROXY_PATH:-/llm/}" LLM_UPSTREAM="${LLM_UPSTREAM:-http://127.0.0.1:11435/}" if [[ ! -f "$NGINX_CONF" ]]; then echo "nginx config not found: $NGINX_CONF" >&2 exit 1 fi if [[ $EUID -ne 0 ]]; then echo "run as root: sudo $0" >&2 exit 1 fi backup_path="${NGINX_CONF}.webterm-llm-$(date +%Y%m%d-%H%M%S).bak" cp "$NGINX_CONF" "$backup_path" echo "backup created: $backup_path" python3 - "$NGINX_CONF" "$LLM_PROXY_PATH" "$LLM_UPSTREAM" <<'PY' from pathlib import Path import sys config_path = Path(sys.argv[1]) location_path = sys.argv[2] upstream = sys.argv[3] text = config_path.read_text() if f"location {location_path}" in text: print(f"proxy location already present: {location_path}") raise SystemExit(0) target = """ location / {\n if ($valid_origin = "0") { return 403; }\n proxy_pass http://127.0.0.1:8080;\n proxy_http_version 1.1;\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection "upgrade";\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }\n""" replacement = f""" location {location_path} {{\n if ($valid_origin = "0") {{ return 403; }}\n proxy_pass {upstream};\n proxy_http_version 1.1;\n proxy_connect_timeout 30s;\n proxy_send_timeout 300s;\n proxy_read_timeout 300s;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }}\n\n{target}""" if target not in text: print("target webterm location block not found in nginx.conf", file=sys.stderr) raise SystemExit(1) config_path.write_text(text.replace(target, replacement, 1)) print(f"inserted proxy location {location_path} -> {upstream}") PY nginx -t echo "nginx config valid" echo "reload when ready: sudo systemctl reload nginx"