Proxy requests to the backends we're interested in

We need to do this ugly thing because CORS and single sign-on do not
play well together, most importantly they break on redirects to the
sso-server (which is cross-origin), so you need to be logged in
already on all backends (monitor, alerts) for the page to "work"...

Dockerfile

+FROM golang:1.19 AS build
+
+ADD . /src
+WORKDIR /src
+RUN go build -tags netgo -o server server.go
+
 FROM node:current-bullseye AS assets
 
 ADD . /src
 WORKDIR /src
 RUN npm install && ./node_modules/.bin/webpack
 
-FROM registry.git.autistici.org/ai3/docker/static-content:master
+FROM scratch
 COPY --from=assets /src/assets/ /var/www/
+COPY --from=build /src/server /server
+
+ENTRYPOINT ["/server"]

README.md

 Simple admin dashboard for A/I.
 
 Contains links to useful internal systems and account management tools.
+
+The HTTP server serves static files but also proxies requests to some
+backends we're interested in (prometheus, alertmanager). This is
+necessary because we can't do client-side requests to these other
+services on other domains due to browser's CORS policies: in practice,
+CORS prevents the single-sign on request flow (through the sso-server
+and back) to work because redirects are [forbidden by
+CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed).
+
+

server.go

+package main
+
+import (
+	"context"
+	"flag"
+	"log"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+)
+
+var (
+	addr              = flag.String("addr", getenv("ADDR", ":3000"), "TCP `addr` to listen on")
+	karmaBackend      = flag.String("karma-url", getenv("ALERTS_URL", ""), "`URL` for the Karma backend")
+	prometheusBackend = flag.String("prometheus-url", getenv("PROMETHEUS_URL", ""), "`URL` for the Prometheus backend")
+
+	rootDir = "/var/www"
+
+	alertBackendURL      *url.URL
+	prometheusBackendURL *url.URL
+)
+
+func getenv(k, dflt string) string {
+	if s := os.Getenv(k); s != "" {
+		return s
+	}
+	return dflt
+}
+
+func main() {
+	log.SetFlags(0)
+	flag.Parse()
+
+	var err error
+	alertBackendURL, err = url.Parse(*karmaBackend)
+	if err != nil {
+		log.Fatalf("Error parsing --karma-url: %v", err)
+	}
+	prometheusBackendURL, err = url.Parse(*prometheusBackend)
+	if err != nil {
+		log.Fatalf("Error parsing --prometheus-url: %v", err)
+	}
+
+	// Proxy some specific URLs to certain backends. If we need
+	// more we'll add them.
+	http.Handle("/alerts.json", httputil.NewSingleHostReverseProxy(alertBackendURL))
+	http.Handle("/api/v1/", httputil.NewSingleHostReverseProxy(prometheusBackendURL))
+
+	// Simple static file server for /var/www.
+	http.Handle("/", http.FileServer(http.Dir(rootDir)))
+
+	srv := &http.Server{
+		Addr:         *addr,
+		ReadTimeout:  30 * time.Second,
+		WriteTimeout: 30 * time.Second,
+		IdleTimeout:  600 * time.Second,
+	}
+
+	sigCh := make(chan os.Signal, 1)
+	go func() {
+		<-sigCh
+		// Gracefully terminate for 3 seconds max, then shut
+		// down remaining clients.
+		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+		err := srv.Shutdown(ctx)
+		if err == context.Canceled {
+			err = srv.Close()
+		}
+		if err != nil {
+			log.Printf("error terminating server: %v", err)
+		}
+	}()
+	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
+
+	log.Printf("starting static server on %s", *addr)
+	if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+		log.Fatalf("error: %v", err)
+	}
+}

src/dashboard.js

 import { PrometheusDriver } from 'prometheus-query';
 
 const prom = new PrometheusDriver({
-    endpoint: "https://monitor.autistici.org",
+    endpoint: "https://admin.autistici.org",
     baseURL: "/api/v1",
     withCredentials: true
 });
 
 const accountsQuery = "sum(max(accounts_count) by (shard,type,status)) by (type)";
 
-const alertsURL = "https://alerts.autistici.org/alerts.json";
+const alertsURL = "https://admin.autistici.org/alerts.json";
 
 const alertsQuery = {
     filters: ["@state=active", "severity=page"],