webterm/scripts/patch-nginx-llm-proxy.sh

#!/usr/bin/env bash
set -euo pipefail

NGINX_CONF="${NGINX_CONF:-/etc/nginx/nginx.conf}"
LLM_PROXY_PATH="${LLM_PROXY_PATH:-/llm/}"
LLM_UPSTREAM="${LLM_UPSTREAM:-http://127.0.0.1:11435/}"

if [[ ! -f "$NGINX_CONF" ]]; then
  echo "nginx config not found: $NGINX_CONF" >&2
  exit 1
fi

if [[ $EUID -ne 0 ]]; then
  echo "run as root: sudo $0" >&2
  exit 1
fi

backup_path="${NGINX_CONF}.webterm-llm-$(date +%Y%m%d-%H%M%S).bak"
cp "$NGINX_CONF" "$backup_path"
echo "backup created: $backup_path"

python3 - "$NGINX_CONF" "$LLM_PROXY_PATH" "$LLM_UPSTREAM" <<'PY'
from pathlib import Path
import sys

config_path = Path(sys.argv[1])
location_path = sys.argv[2]
upstream = sys.argv[3]
text = config_path.read_text()

if f"location {location_path}" in text:
    print(f"proxy location already present: {location_path}")
    raise SystemExit(0)

target = """        location / {\n            if ($valid_origin = "0") { return 403; }\n            proxy_pass         http://127.0.0.1:8080;\n            proxy_http_version 1.1;\n            proxy_set_header   Upgrade           $http_upgrade;\n            proxy_set_header   Connection        "upgrade";\n            proxy_set_header   Host              $host;\n            proxy_set_header   X-Real-IP         $remote_addr;\n            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;\n            proxy_set_header   X-Forwarded-Proto $scheme;\n        }\n"""

replacement = f"""        location {location_path} {{\n            if ($valid_origin = "0") {{ return 403; }}\n            proxy_pass            {upstream};\n            proxy_http_version    1.1;\n            proxy_connect_timeout 30s;\n            proxy_send_timeout    300s;\n            proxy_read_timeout    300s;\n            proxy_set_header      Host              $host;\n            proxy_set_header      X-Real-IP         $remote_addr;\n            proxy_set_header      X-Forwarded-For   $proxy_add_x_forwarded_for;\n            proxy_set_header      X-Forwarded-Proto $scheme;\n        }}\n\n{target}"""

if target not in text:
    print("target webterm location block not found in nginx.conf", file=sys.stderr)
    raise SystemExit(1)

config_path.write_text(text.replace(target, replacement, 1))
print(f"inserted proxy location {location_path} -> {upstream}")
PY

nginx -t
echo "nginx config valid"
echo "reload when ready: sudo systemctl reload nginx"