software/headless-chromium: fix ipv6 config and clean up nginx.conf

software/headless-chromium/buildout.hash.cfg

 [template-cfg]
 filename = instance.cfg.in
-md5sum = 60aa835b1e1c9a38dea875a509f72ab0
+md5sum = ff048b5480605cebfbc76e9bb89ad4e9
 
 [instance-headless-chromium]
 _update_hash_filename_ = instance_headless-chromium.cfg.in
-md5sum = 73ced594be9d9360f57310c840274348
+md5sum = 4aa466bb0297baba80b39fd283922ac9
 
 [template-chromium-launcher]
 _update_hash_filename_ = templates/launcher.in
@@ -12,7 +12,7 @@ md5sum = 578df08913415c427486093787b4aea6
 
 [template-nginx-conf]
 _update_hash_filename_ = templates/nginx.conf.in
-md5sum = 027ec1003e0b621ccb90ccd2caabaeba
+md5sum = 88c3275d7e9cf51b96664c25adf14cbb
 
 [template-nginx-launcher]
 _update_hash_filename_ = templates/nginx_launcher.in

software/headless-chromium/instance.cfg.in

@@ -22,6 +22,7 @@ filename = instance_headless-chromium.cfg
 context =
   section buildout buildout
   section parameter_list profile-common
+  key partition_ipv6 slap-configuration:ipv6-random
 
 [switch-softwaretype]
 recipe = slapos.cookbook:switch-softwaretype

software/headless-chromium/instance_headless-chromium.cfg.in

@@ -18,7 +18,7 @@ service = ${:etc}/service
 log = ${:home}/log
 
 [headless-chromium]
-ip = ${slap-network-information:global-ipv6}
+ip = {{ partition_ipv6 }}
 remote-debugging-port = 9222
 url = https://example.com
 remote_debug_url = http://[${:ip}]:${:remote-debugging-port}

software/headless-chromium/templates/nginx.conf.in

@@ -17,22 +17,13 @@ http {
     uwsgi_temp_path {{ param_chromium_headless['nginx_temp_path'] }};
     scgi_temp_path {{ param_chromium_headless['nginx_temp_path'] }};
 
-    # The proxy must set the Host header to an IP address, since the headless Chromium shell refuses to run otherwise, for security reasons.
-
-    location /devtools {
-      proxy_http_version 1.1;
-      proxy_set_header Host [{{ param_chromium_headless['ip'] }}]:{{ param_chromium_headless['remote-debugging-port'] }};
-
-      # TODO: do we really need to manually set the Upgrade and Connection headers anymore?
-      proxy_set_header Upgrade "websocket";
-      proxy_set_header Connection "Upgrade";
-      proxy_pass http://[{{ param_chromium_headless['ip']}}]:{{ param_chromium_headless['remote-debugging-port'] }};
-    }
-
     location / {
       proxy_http_version 1.1;
+
+      # The proxy must set the Host header to an IP address, since the headless Chromium shell refuses to run otherwise, for security reasons.
+      # See https://bugs.chromium.org/p/chromium/issues/detail?id=813540.
       proxy_set_header Host [{{ param_chromium_headless['ip'] }}]:{{ param_chromium_headless['remote-debugging-port'] }};
-      proxy_pass http://[{{ param_chromium_headless['ip']}}]:{{ param_chromium_headless['remote-debugging-port'] }};
+      proxy_pass {{ param_chromium_headless['remote_debug_url'] }};
 
       # The browser security policy will prevent us from loading the Websocket connection without TLS, so we have to go through the frontend CDN URL. The tricky thing is that the frontend URL is not available yet when this file is built; what we do instead is use the given Host header. This is possibly fragile; perhaps alternatives are worth investigating.
       sub_filter "ws=[{{ param_chromium_headless['ip'] }}]:{{ param_chromium_headless['remote-debugging-port'] }}" "wss=$host";