Fix cloud-init setup of ooni_backendproxy

* Drop unattended upgrades from config since it comes with the base
  image

tf/modules/ooni_backendproxy/templates/cloud-init.yml

@@ -2,42 +2,43 @@ package_update: true
 
 packages:
  - nginx
+ - libnginx-mod-stream
 
 write_files:
  - path: /etc/nginx/sites-available/default
  content: |
- %{ if length(wcth_addresses) > 0 }
- upstream wcths {
- %{ for address in wcth_addresses }
- server ${ address };
- %{ endfor }
- }
  server {
- server_name *.${ wcth_domain_suffix };
  listen 80;
 
+ server_name _;
+
  location / {
- proxy_pass http://wcths;
+ proxy_pass ${backend_url};
  proxy_http_version 1.1;
  proxy_set_header Host \$host;
  }
+ error_log /var/log/nginx/error.log;
  }
- %{ endif }
 
+ %{ if length(wcth_addresses) > 0 }
+ upstream wcths {
+ %{ for address in wcth_addresses }
+ server ${ address };
+ %{ endfor }
+ }
  server {
+ server_name *.${ wcth_domain_suffix };
  listen 80;
 
- server_name _;
-
  location / {
- proxy_pass ${backend_url};
+ proxy_pass http://wcths;
  proxy_http_version 1.1;
  proxy_set_header Host \$host;
  }
- error_log /var/log/nginx/error.log;
  }
+ %{ endif }
 
- - path: /etc/nginx/modules-enabled/stream.conf
+ - path: /etc/nginx/modules-enabled/99-stream.conf
  content: |
  stream {
  upstream clickhouse_backend {

tf/modules/ooni_th_droplet/templates/cloud-init.yml

@@ -21,22 +21,8 @@ package_update: true
 packages:
  - oohelperd
  - nginx
- #- unattended-upgrades
 
 write_files:
- # - path: /etc/apt/apt.conf.d/20auto-upgrades
- # content: |
- # APT::Periodic::Update-Package-Lists "1";
- # APT::Periodic::Unattended-Upgrade "1";
-
- # - path: /etc/apt/apt.conf.d/50unattended-upgrades
- # content: |
- # Unattended-Upgrade::Allowed-Origins {
- # //"${distro_id} stable";
- # "${distro_id} ${distro_codename}-security";
- # "${distro_id} ${distro_codename}-updates";
- # };
-
  - path: /etc/nginx/sites-available/default
  content: |
  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=thcache:100M