From 77a121082b34f027b856e7c18f742ab7e31acbe5 Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@zulip.com>
Date: Wed, 25 Sep 2024 09:59:35 -0400
Subject: [PATCH] kandra: Add localhost access to internal APIs on port 80.

This parallels 02d3fb76660e.
---
 puppet/kandra/files/nginx/sites-available/zulip      | 12 ++++++++++++
 .../kandra/files/nginx/sites-available/zulip-staging | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/puppet/kandra/files/nginx/sites-available/zulip b/puppet/kandra/files/nginx/sites-available/zulip
index 2a13290d81..31917499b9 100644
--- a/puppet/kandra/files/nginx/sites-available/zulip
+++ b/puppet/kandra/files/nginx/sites-available/zulip
@@ -1,3 +1,15 @@
+server {
+    # If coming from localhost, we do allow access to internal
+    # APIs over HTTP.
+    listen 127.0.0.1:80;
+    listen [::1]:80;
+
+    location /api/internal/ {
+        include /etc/nginx/zulip-include/api_headers;
+        include uwsgi_params;
+    }
+}
+
 include /etc/nginx/zulip-include/trusted-proto;
 include /etc/nginx/zulip-include/s3-cache;
 include /etc/nginx/zulip-include/upstreams;
diff --git a/puppet/kandra/files/nginx/sites-available/zulip-staging b/puppet/kandra/files/nginx/sites-available/zulip-staging
index 53db11e2de..c4d25ca67d 100644
--- a/puppet/kandra/files/nginx/sites-available/zulip-staging
+++ b/puppet/kandra/files/nginx/sites-available/zulip-staging
@@ -1,3 +1,15 @@
+server {
+    # If coming from localhost, we do allow access to internal
+    # APIs over HTTP.
+    listen 127.0.0.1:80;
+    listen [::1]:80;
+
+    location /api/internal/ {
+        include /etc/nginx/zulip-include/api_headers;
+        include uwsgi_params;
+    }
+}
+
 include /etc/nginx/zulip-include/trusted-proto;
 include /etc/nginx/zulip-include/s3-cache;
 include /etc/nginx/zulip-include/upstreams;