diff options
| author | Maxim Devaev <[email protected]> | 2021-11-12 01:49:51 +0300 |
|---|---|---|
| committer | Maxim Devaev <[email protected]> | 2021-11-12 01:49:51 +0300 |
| commit | 8e60b8428814ffc8092a749a3d830d1f46309cae (patch) | |
| tree | 00dac91530ad8c7029214285f1b2dd58077b8079 | |
| parent | aa2de59ff5c500fa8617af5f2c26309e065bb8df (diff) | |
listen configs
| -rw-r--r-- | PKGBUILD | 5 | ||||
| -rw-r--r-- | configs/nginx/listen-http.conf | 2 | ||||
| -rw-r--r-- | configs/nginx/listen-https.conf | 2 | ||||
| -rw-r--r-- | configs/nginx/nginx.conf | 17 | ||||
| -rw-r--r-- | configs/nginx/redirect-to-https.conf | 1 | ||||
| -rw-r--r-- | kvmd.install | 3 |
6 files changed, 17 insertions, 13 deletions
@@ -100,7 +100,7 @@ md5sums=(SKIP) backup=( etc/kvmd/{override,logging,auth,meta}.yaml etc/kvmd/{ht,ipmi,vnc}passwd - etc/kvmd/nginx/{kvmd.ctx-{http,server},loc-{login,nocache,proxy,websocket},mime-types,ssl,nginx}.conf + etc/kvmd/nginx/{kvmd.ctx-{http,server},listen-http{,s},loc-{login,nocache,proxy,websocket},mime-types,ssl,redirect-to-https,nginx}.conf etc/kvmd/janus/janus{,.plugin.ustreamer,.transport.websockets}.jcfg etc/kvmd/web.css ) @@ -136,7 +136,6 @@ package_kvmd() { cp -r configs/* "$_cfg_default" find "$pkgdir" -name ".gitignore" -delete - sed -i -e "s/^#PROD//g" "$_cfg_default/nginx/nginx.conf" find "$_cfg_default" -type f -exec chmod 444 '{}' \; chmod 400 "$_cfg_default/kvmd"/*passwd chmod 750 "$_cfg_default/os/sudoers" @@ -145,7 +144,7 @@ package_kvmd() { mkdir -p "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl" chmod 755 "$pkgdir/etc/kvmd/"{nginx,vnc}"/ssl" install -Dm444 -t "$pkgdir/etc/kvmd/nginx" "$_cfg_default/nginx"/*.conf - chmod 644 "$pkgdir/etc/kvmd/nginx/nginx.conf" + chmod 644 "$pkgdir/etc/kvmd/nginx/"{nginx,redirect-to-https,ssl,listen-http{,s}}.conf mkdir -p "$pkgdir/etc/kvmd/janus" chmod 755 "$pkgdir/etc/kvmd/janus" diff --git a/configs/nginx/listen-http.conf b/configs/nginx/listen-http.conf new file mode 100644 index 00000000..76cb18d2 --- /dev/null +++ b/configs/nginx/listen-http.conf @@ -0,0 +1,2 @@ +listen 80; +listen [::]:80; diff --git a/configs/nginx/listen-https.conf b/configs/nginx/listen-https.conf new file mode 100644 index 00000000..f6091bbd --- /dev/null +++ b/configs/nginx/listen-https.conf @@ -0,0 +1,2 @@ +listen 443 ssl http2; +listen [::]:443 ssl http2; diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index 71775387..81b8265d 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -36,19 +36,16 @@ http { include /etc/kvmd/nginx/kvmd.ctx-http.conf; include /usr/share/kvmd/extras/*/nginx.ctx-http.conf; -#PROD server { -#PROD listen 80; -#PROD listen [::]:80; -#PROD server_name localhost; -#PROD return 301 https://$host$request_uri; -#PROD } - server { -#PROD listen 443 ssl http2; -#PROD listen [::]:443 ssl http2; server_name localhost; -#PROD include /etc/kvmd/nginx/ssl.conf; + include /etc/kvmd/nginx/listen-http.conf; + include /etc/kvmd/nginx/redirect-to-https.conf; + } + server { + server_name localhost; + include /etc/kvmd/nginx/listen-https.conf; + include /etc/kvmd/nginx/ssl.conf; include /etc/kvmd/nginx/kvmd.ctx-server.conf; include /usr/share/kvmd/extras/*/nginx.ctx-server.conf; } diff --git a/configs/nginx/redirect-to-https.conf b/configs/nginx/redirect-to-https.conf new file mode 100644 index 00000000..7cf185dd --- /dev/null +++ b/configs/nginx/redirect-to-https.conf @@ -0,0 +1 @@ +return 301 https://$host$request_uri; diff --git a/kvmd.install b/kvmd.install index 4a683804..e693e81a 100644 --- a/kvmd.install +++ b/kvmd.install @@ -15,6 +15,9 @@ post_upgrade() { chown kvmd-ipmi:kvmd-ipmi /etc/kvmd/ipmipasswd chown kvmd-vnc:kvmd-vnc /etc/kvmd/vncpasswd chmod 600 /etc/kvmd/*passwd + for target in nginx redirect-to-https ssl listen-http listen-https; do + chmod 644 /etc/kvmd/nginx/$target.conf || true + done chown kvmd /var/lib/kvmd/msd || true |